Skip to main content
Industry Contributor 26 May 2019 - 3 min read

Doubleclick probed as regulators take aim at programmatic

By Paul McIntyre - Executive Editor

Google’s Doubleclick is being formally investigated by Ireland’s data watchdog over alleged GDPR breaches. The probe was triggered by Dr Johnny Ryan, chief policy officer at private web browser company, Brave. The group suggests the scale of data leakage by Google and other ad tech companies involved in real time bidding is greater than Facebook/Cambridge Analytica – and the complaint has been lodged with several more European regulators (Brave).


Key allegations:

  • That Doubleclick breaches GDPR by “broadcast[ing] personal data about visitors … to 2,000+ companies, hundreds of billions of times a day”.
  • The data broadcast can enable highly detailed profiling
  • “There is no control over what happens to the data once broadcast [and it] appears to be by far the largest leakage of personal data ever recorded”
  • “A change is coming that goes beyond just Google. We need to reform online advertising to protect privacy, and to protect advertisers and publishers from legal risk under the GDPR.” - Johnny Ryan, Brave
  • UK Information Commissioner’s Office also probing industry: “We are currently concentrating on the ecosystem of programmatic advertising and real-time bidding (RTB)” – (via The Register)

The investigation is potentially bigger than Google and could determine the future of real-time bidding. That is, if regulators agree with the claims and take action. Ryan is trying to force change, and has amassed a detailed dossier of evidence that suggests all RTB exchanges are non-GDPR compliant by their nature. As well as using it to file complaints with multiple European data regulators, Ryan’s been walking U.S. senators through the ins and outs of RTB, and arguing his case with intelligence and eloquence. Much of it boils down to consent, and how people that use the internet can knowingly consent to such widespread collection of data, and subsequent profiling, “by companies they have never even heard of”.

Within the dossier, Ryan notes the IAB’s own position on real-time bidding and GDPR, highlighting key lines: “As it is technically impossible for the user to have prior information about every data controller involved in a real-time bidding (RTB) scenario, programmatic trading, the area of fastest growth in digital advertising spend, would seem, at least prima facie, to be incompatible with consent under GDPR.” The document goes on to state that without consent under the EU’s definitions, there is no legal basis “for such [data] processing to take place or for media to monetise their content in this way”.

Regulators tend not to hurry when it comes to making big decisions. Ryan acknowledges that it may “take years for GDPR to take effect”, but already, he suggests, “things are looking very bleak” for Google and others. Ryan, by the way, advocates contextual targeting as the solution.

Share your reaction (and see how others voted)

Leave a comment (you must be logged in)

Be the first to comment

Paul McIntyre

Executive Editor

Market Voice

Search Mi3 Articles

Make it personal

Join Mi3 to receive our weekly edition and personalise your experience