This morning’s Observer column:
The computerised, high-speed auction system in which online ads are traded seems not to be compatible with the law – and is currently unregulated. That is the conclusion of a remarkable recent investigation by two legal scholars, Michael Veale and Frederik Zuiderveen Borgesius, who set out to examine whether this “real-time bidding” (RTB) system conforms to European data-protection law. They asked whether RTB complies with three rules of the European GDPR (General Data Protection Regulation) – the requirement for a legal basis, transparency and security. They showed that for each of the requirements, most RTB practices do not comply. “Indeed,” they wrote, “it seems close to impossible to make RTB comply.” So, they concluded, it needs to be regulated.
It does. Often the problem with tech regulation is that our legal systems need to be overhauled to deal with digital technology. But the irony in this particular case is that there’s no need for such an overhaul: Europe already has the law in place. It’s the GDPR, which is part of the legal code of every EU country and has provision for swingeing punishments for infringers. The problem is that it’s not being effectively enforced…