Digital Advertising and the GDPR Identifying the (Joint) Controllers in the Real-Time Bidding Ecosystem
Keywords:
Real-time Bidding, Digital Advertising, Controller, Data Protection, GDPRAbstract
In digital advertising, real-time bidding allows advertisers to place their advertisements in publishers’ inventories in real time, after having participated in an auction with competing bidders. In Europe alone, personal data on users’ online behaviour is collected and shared 197 billion times per day by more than 1000 firms’ part of the real-time bidding ecosystem. This gives real-time bidding the title of the “biggest data breach ever recorded”. Having a clear understanding of the roles and responsibilities of the entities involved in real-time bidding becomes of paramount importance to enhance compliance with the data protection legislation and adequately safeguard data subjects’ rights. This paper aims to identify the (joint) controllers for the personal data processing operations performed during a real-time bidding auction.