There’s a well-quoted line from Steve Jobs, that as Apple CEO he didn’t employ smart people to tell them what to do, but so that they could tell him what to do.
It was a line that came to mind as I looked round the busy room yesterday at the ICO’s adtech fact finding forum.
We had more than a hundred people with something to say about adtech, from publishers to advertisers, from civil society to start-ups, from adtech firms to lawyers. As the regulator, I’m delighted we could bring so many smart and engaged people together, prompted by concerns about how people’s personal data is used in real-time bidding in programmatic advertising. And while we weren’t there to be told what do, we were certainly there to listen: to better understand the challenges and views of the different aspects of a complex system.
One thing that struck me was the amount of engagement from the different parties in the room. Anyone familiar with where adtech meets data protection will know that there are tensions. Several EU data protection agencies are looking at complaints suggesting aspects of the system used to present real-time personalised adverts do not comply with GDPR. But what I saw yesterday was constructive discussion and a definite willingness to find a way for the system to work for everyone, including - crucially - consumers.
There were clearly distinct views on specific aspects. How much personal data, if any, is necessary for the system to function effectively? Could consumers ever be given enough information to understand what’s happening to their data? Is there a lawful basis for processing data that can be consistently applied across the whole ecosystem? These are complex issues, and it is unlikely that there are straightforward answers.
However there was a consensus in the need for improvements. The sophistication of the technology needed to sell these online adverts to the highest bidder in real time is remarkable. But there was an acceptance that it is imperfect, and that improvements are needed for it meet the expectations of today’s laws. Discussions included improvements already in train as well as more sweeping changes that could follow further down the line, and all were considered in a positive and pragmatic way.
From the regulator’s perspective, we know we have more work to do. We need to absorb the views shared yesterday, and have invited attendees to provide any further reflections and comments on the day’s discussion in a brief email. We would also be happy to accept comments from those who could not attend, again limited to 1,000 words, by the end of next week (just email them to firstname.lastname@example.org).
Most of all, we want to benefit from the smart people who shared their views with us yesterday, as well as the smart people we are fortunate to have working at the ICO, to help us find the right way forward. Thanks to all involved!
Simon McDougall is Executive Director for Technology Policy and Innovation at the ICO where he is developing an approach to addressing new technological and online harms. He is particularly focused on artificial intelligence and data ethics.
He is also responsible for the development of a framework for auditing the use of personal data in machine learning algorithms.