The ICO flagged a number of issues in relation to the use of personal data. They noted that “while many RTB market participants place some controls on their processing and sharing of personal data, it’s become apparent during our work that there are substantially different levels of engagement and understanding of how data protection law applies, and the issues that arise.”
The AdTech RTB controversy is the most poignant example of the limitations of traditional approaches to data protection. These traditional approaches are premised on the notion that data use and data privacy are necessarily in conflict with one another.
The term “5th Cookie” is a metaphor that encapsulates the goal of leveraging GDPR compliant Pseudonymisation to bridge “consent gaps.” These “consent gaps” appear when the type of processing is too broad or undefinable (such as by machine learning and AI programs often used in RTB), so a data subject cannot give valid consent to authorise the desired processing in compliance with GDPR requirements for consent. Pseudonymisation can help to alleviate this issue. “Demonstrable accountability” leveraging auditable and documented technical safeguards allows RTB data innovation to be balanced with the assurance of the full range of individual rights.