What is AdTech?

The term AdTech refers to a combination of advertising technologies - mainly available on the Internet - through which advertisers and brands can better connect with their audience and exploit the value of their data. For instance, AdTech allows the targeting of potential clients in a more precise and customized way through cookies, web bugs or other online tracking tools.

According to recent reports, emerging technologies such as Artificial Intelligence (AI), big data analytics and the so-called "data lakes" have the potential to boost AdTech towards an exponential growth (see also our previous TMT Bites take on AI and data lakes and an overview of how AI is shaping the AdTech industry).

The large use of AdTech tools is already disrupting the marketing and retail sectors, especially in the online environment where customers' behavior and personal preferences are better tracked and monitored for commercial purposes (i.e. targeted advertising) compared to the "offline world" of physical shops and stores. In fact, participants in the AdTech industry collect and store a great deal of data about people who use the internet. This information is valuable to online advertising industry providers because it enables them to provide higher quality prospects to advertisers and therefore to charge more for the advertising inventory they supply. We are also facing several attempts to build "omni-channel" CRMs, including both customers' data collected online and offline.

However, the use of AdTech for profiling customers in the online environment and for the exploitation of data collected through AdTech tools also brings challenges concerning a wide variety of legal and regulatory issues, some of which we summarize in our list below.

Top legal issues to consider

  1. Data Privacy: AdTech is a growing trend, however it also give rise to concerns about how advertisers can track individuals and collect massive amount of data. For example, cookies allow the tracking of users' browsing history and the subsequent display of targeted advertising based on their preferences and online behaviour. This is becoming more and more relevant with the rise of AI, as we discuss in this article. In fact, the draft ePrivacy Regulation will reinforce existing provisions on online consent (also for cookies) for consistency with GDPR. This means that AdTech providers (and publishers) will have to adapt their processing practices to both the GDPR and the ePrivacy Regulation provisions in order to achieve compliance with major EU legislation.
  2. Data security: Advertising agencies are becoming attractive to cybercriminal, therefore, they should adopt adequate cybersecurity measures as much as other players of the digital sector do. In fact, there is a growing concern that ads data end up in the wrong hands. In this respect, IT security is crucial: agreements with or between AdTech providers should include specific clauses to ensure that the processing activities and the potential risks for data subjects are covered. Moreover, the loss of ads data may result in a data breach under data protection laws as well as endanger companies from a confidentiality or reputational perspective. The execution of an ad hoc insurance policy in order to cover cyber-risk is becoming a "standard" in these new digital environment.
  3. Contracts: The issue of protecting ads data is essential for the development of AdTech business. This is why contract negotiation in this field is crucial for achieving all the possible benefits while protecting the value of data as an asset. For instance, AdTech providers need to identify in advance who will be responsible in case the processing of data leads to wrong decisions affecting consumers or businesses. In this scenario, strong compensation and indemnity clauses can help, as AdTech providers should also be able to guarantee their reliability by means of adequate certifications and audits.
  4. Antitrust: Those who own the data own consumers' preferences and personal choices. In fact, there are companies (both providers and purchasers of AdTech services) capable of shaping markets specifically by means of their data-driven approach to the business. Indeed, AdTech makes this possible for a wide variety of companies operating in different sectors and industries. In fact, the performance of customer intelligence activities based on the extensive collection and processing of personal data can generate antitrust issues whereby data assets and analytics capabilities tend to restrict competition, especially with regard to the provision of digital services.
  5. Intellectual Property: IPRs management is an essential issue when it comes to negotiating agreements with or for providers of AdTech services. In fact, on the one hand, the data gathered through AdTech tools can be subject to some forms of IPRs protection, such as in the case of organized databases. Therefore, it is important to determine who is entitled to exploit the economic value of such data in advance. On the other hand, AdTech products may need legal assistance concerning IPRs: think of AI-powered tools (whose IPRs legal issues we discuss in detail in this article or advanced big data analytics software, which allows the creation of so-called data lakes.

Upcoming regulatory trends

Back in 2014 and 2015, the Italian Data Protection Authority (the Garante) published a set of resolutions (and FAQs) concerning the use of cookies and other AdTech tools especially for profiling users on the internet. Such guidance, in combination with the provisions of the Italian Data Protection Code implementing the ePrivacy Directive, remains the basis for AdTech regulation under Italian law and still applies to those data processing activities performed via AdTech tools. 

In fact, the Garante's resolutions on cookies are currently under review for GDPR consistency and most likely will be subject to further amendments in light of the upcoming ePrivacy Regulation. In this regard, there is no clear timeline for the implementation of such changes - also because the Garante's seven years mandate ends in May -. In addition, the ePrivacy Regulation is still very far from its final approval as the Council of the European Union is currently discussing the latest draft published in March.

Finally, the rise of AdTech is pushing for new self-regulatory efforts promoted by stakeholders of the digital sector. In particular, this is true with regard to the so-called Consent Management Platforms (CMPs). CMPs are software designed to support ad network providers and publishers in the optimization of online consent collection for the purpose of tracking users and displaying online behavioral advertising in compliance with GDPR and ePrivacy rules. In fact, CMPs are spreading fast (also in view of new ePrivacy rules) although they did not receive any "formal blessing" or recognition from national data protection authorities.

Dentons is the world's first polycentric global law firm. A top 20 firm on the Acritas 2015 Global Elite Brand Index, the Firm is committed to challenging the status quo in delivering consistent and uncompromising quality and value in new and inventive ways. Driven to provide clients a competitive edge, and connected to the communities where its clients want to do business, Dentons knows that understanding local cultures is crucial to successfully completing a deal, resolving a dispute or solving a business challenge. Now the world's largest law firm, Dentons' global team builds agile, tailored solutions to meet the local, national and global needs of private and public clients of any size in more than 125 locations serving 50-plus countries. www.dentons.com.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.