Adtech and Real-Time Bidding under European Data Protection Law

This article discusses the troubled relationship between contemporary advertising technology (adtech) systems, in particular systems of real-time bidding (RTB, also known as programmatic advertising) underpinning much behavioral targeting on the web and through mobile applications. This article anal...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:German law journal Ročník 23; číslo 2; s. 226 - 256
Hlavní autoři: Veale, Michael, Zuiderveen Borgesius, Frederik
Médium: Journal Article
Jazyk:angličtina
Vydáno: Toronto Cambridge University Press 01.03.2022
Témata:
Advertisements
Advertising
Behavior
Data integrity
Data processing
General Data Protection Regulation
Infrastructure
Internet
Internet access
Intervention
Law
Online advertising
Privacy
Protection
Security
Servers
Software
Technology
Third party
Transparency
URLs
Web analytics
Websites
ISSN:2071-8322, 2071-8322
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:This article discusses the troubled relationship between contemporary advertising technology (adtech) systems, in particular systems of real-time bidding (RTB, also known as programmatic advertising) underpinning much behavioral targeting on the web and through mobile applications. This article analyzes the extent to which practices of RTB are compatible with the requirements regarding a legal basis for processing, transparency, and security in European data protection law. We first introduce the technologies at play through explaining and analyzing the systems deployed online today. Following that, we turn to the law. Rather than analyze RTB against every provision of the General Data Protection Regulation (GDPR), we consider RTB in the context of the GDPR’s requirement of a legal basis for processing and the GDPR’s transparency and security requirements. We show, first, that the GDPR requires prior consent of the internet user for RTB, as other legal bases are not appropriate. Second, we show that it is difficult—and perhaps impossible—for website publishers and RTB companies to meet the GDPR’s transparency requirements. Third, RTB incentivizes insecure data processing. We conclude that, in concept and in practice, RTB is structurally difficult to reconcile with European data protection law. Therefore, intervention by regulators is necessary.
Bibliografie:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:2071-8322
2071-8322
DOI:10.1017/glj.2022.18