Report of the Data Protection Authority

Report of the Data Protection Authority

A few months ago, a report from the United Kingdom's Information Commissioner's Office (ICO) on the question whether RTB could be merged with GDPR was published. The aim of the report is to draw attention to the findings and to provide all information on the progress of one of the regulatory priorities and to inform the authorities of the views. There is no need to worry, the report contains no binding decision.

The report also relies on topics related to the current RTB model and is skeptical of the company's initiative. One of the main areas of criticism is the transmission of personal data without security, up to hundreds of billions of requests every day. Problems continue with the approval of data processing, excessive data collection and transparency.

GDPR rejects RTB

Unfortunately, no convincing evidence was found that any of the initiatives addressed the shortcomings in their current state. As a result, RTB in its current form and functioning does not comply with GDPR. 

List of the most important findings and conclusions from the report:

• Due to the lack of consent for the processing of personal data, the processing of highly sensitive data is considered illegal. 

• In general, there is a lack of understanding and correct use of Data Protection Impact Assessments (DPIAs) - an Environmental Impact Report is required under the GDPR Regulation if more types of data are collected more widely.

• Individuals do not have guarantees regarding the security of personal data in the open auction system.
  

• Without the individual's consent, profiles created for RTB with detailed information are shared with multiple parties.