惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
AWS News Blog
AWS News Blog
V
Vulnerabilities – Threatpost
D
Darknet – Hacking Tools, Hacker News & Cyber Security
量子位
博客园 - 叶小钗
AI
AI
T
Tor Project blog
Forbes - Security
Forbes - Security
W
WeLiveSecurity
博客园_首页
爱范儿
爱范儿
J
Java Code Geeks
B
Blog
G
GRAHAM CLULEY
aimingoo的专栏
aimingoo的专栏
Cloudbric
Cloudbric
C
CXSECURITY Database RSS Feed - CXSecurity.com
TaoSecurity Blog
TaoSecurity Blog
L
LINUX DO - 热门话题
阮一峰的网络日志
阮一峰的网络日志
有赞技术团队
有赞技术团队
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Simon Willison's Weblog
Simon Willison's Weblog
云风的 BLOG
云风的 BLOG
Google DeepMind News
Google DeepMind News
H
Help Net Security
博客园 - 三生石上(FineUI控件)
C
Cisco Blogs
C
Cybersecurity and Infrastructure Security Agency CISA
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
P
Palo Alto Networks Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Recent Commits to openclaw:main
Recent Commits to openclaw:main
博客园 - 司徒正美
The Last Watchdog
The Last Watchdog
Blog — PlanetScale
Blog — PlanetScale
T
The Blog of Author Tim Ferriss
S
Secure Thoughts
Spread Privacy
Spread Privacy
F
Fortinet All Blogs
月光博客
月光博客
大猫的无限游戏
大猫的无限游戏
S
SegmentFault 最新的问题
H
Hackread – Cybersecurity News, Data Breaches, AI and More
A
About on SuperTechFans
Security Latest
Security Latest
Webroot Blog
Webroot Blog
Scott Helme
Scott Helme
Hugging Face - Blog
Hugging Face - Blog

Open Rights Group

Wanted: Government to fix the ICO Joint Letter: Protect VPNs Open letter for an investigation into the ICO over eVisas Civil society organisations call for ICO to be investigated over eVisas The end is nigh for US data transfers How AI in asylum decision-making drives failure and cost Dear Andy, we need a complete reset on digital policy John Edwards resignation is opportunity to appoint a regulator with teeth AI in Asylum Decisions: Transparency and Accountability Failures Stop Killing the Internet: New global movement launches MPs urged to vote for a Digital Sovereignty strategy The social media policy ratchet Starmer’s social media ban fails to address root causes of online harms This refugee week, take courage! The rise of copyright trolling Growing up in an online world: ORG Consultation Response Reset the ICO The ICO isn’t doing its job – why the data watchdog needs an overhaul The ICO isn’t doing its job – why the data watchdog needs to be reset ORG response to Consultation on the ICO’s approach to data protection complaint handling Companies and civil society warn that UK is undermining open web Papers Please! MPs back mass online digital ID checkpoints MPs call for publication of secret documents that outline chronic risks from UK’s dependence on Big Tech New report: UK needs digital sovereignty strategy to address threats from reliance on big tech The case for Digital Sovereignty and the Digital Commons After the LA Court verdict, the UK must disrupt surveillance capitalism business models 13 year olds could be compelled to use unregulated age verification Children’s Wellbeing and Schools Bill: Analysis of Amendment 38b ICO must investigate Reform ‘competition’ for data protection breaches Break privacy to make privacy? Age verification isn’t the answer Home Office use of AI in asylum cases likely to be unlawful, legal opinion finds Legal Opinion: The use of Artificial Intelligence tools in asylum cases MPs give ministers powers to restrict entire Internet Board Election Results Palestine Action ruling: Human rights organisations call for Ofcom to issue guidance on content takedowns
ORG response to ICO call for views on our approach to regulating online advertising
Mariano delli Santi · 2026-05-13 · via Open Rights Group

Open Rights Group response to the ICO call for views on their new approach to regulating online advertising

6 Targeting

What features within targeting are the minimum requirements for a commercially viable advertising model, and why?:

Commercial viability of targeting practices is not a static definition, but is ultimately determined by what practices are tolerated and allowed to be offered withing the online advertising market.

With this in mind, real-time-bidding and behavioural advertising are currently underscored by a free-for-all model where, once consent is given (and oftentimes, even when it’s not) adtech intermediaries process, share and repurpose this data at will. This is illegal under the UK GDPR, which requires data not to be processed beyond the specific, granular purpose for which consent was given.

It follows that the true value and commercial viability of advertising practices cannot be measured, insofar prices are distorted and the market is impacted by the unfair competition of non-compliant advertising practices. In turn, any serious assessment regarding the extent necessary of employing targeting features to attain a “commercially viable advertising model” should be preceded by an effective regulatory sweep to remove illegal advertising from the market, and restore a level playing-field for law-abiding businesses.

7 How significant are the changes in ICO regulatory posture towards PECR regulation 6 consent requirements that would be required to enable delivery of a commercially viable advertising model?

Change needed – Targeting: No change

Please explain your answer:

Firstly, the ability to target individuals based on personal data is the main enabler of harms, discrimination and predatory practices that plague online advertising. Targeting based on personal data exposes women to unjust prosecutions for their attempt to exercise reproductive health rights; problem gamblers to being targeted with gambling ads that are meant to exploit their addiction; anyone to be excluded on the basis of their gender, sexual preferences, ethnicity or other sensitive characteristics; children and those in a more vulnerable status to be targeted and taken advantage of.

These are not unfortunate outcomes, but inherent to the technolopgy being used: behaviour is the only personal data that can be observed and captured by storage and access technologies; however, behaviour is never a reliable proxy for an individuals’ characteristics, preferences or inner desires, but is a reliable mean to identify addiction, health statuses and other syndromes—all of which are, indeed, recognisable by “typical”, “compulsive” behaviours and clearly discernible patterns of behaviour. A system that is inherently bad at guessing your commercial preferences but inherently good at identifying weak spots that can be exploited does, not surprisingly, serve the purpose of exploiting individuals better than it does serve the purpose of delivering legitimate advertising. Advertising systems that target individuals on the basis of personal data should never be considered low-risk or exempted from consent requirements.

For the avoidance of the doubt, contextual advertising may not be considered as targeting on the basis of personal data, insofar targeting is based purely on the context of the website where the ad is being shown. The inclusion of information that either directly or indirectly relates to an individual—for instance, where the IP address was used to guess the geolocation of an individual— should never be considered contextual and thus be treated as targeted advertising.

Finally, we would draw attention to the fact that the call for views includes the following statement:
“We will continue to enforce consent requirements for collecting personal information for ad targeting and personalisation.”

Therefore, we consider a relaxation of consent requirement for ad targeting based on any amount of personal data to be outside of the scope of this call for view, and we expect the ICO to honour this statement.

Impacts of our approach

8 How far do you agree that the approach outlined in our call for views can identify commercially viable solutions that can also safeguard people’s privacy and improve user experience?

Strongly disagree

Please explain your answer::

As mentioned in response to question 6, tolerance toward non-compliant advertising practices prevent a meaningful measurement of the true value and commercial viability of advertising practices “that can also safeguard people’s privacy and improve user experience”.

Adding to those considerations, the approach of the call for views turns the relationships between commercial viability and “safeguarding people’s privacy and improving user experience” on its head: it is for advertising market players to commercialise their services withing the boundaries and in compliance with the norms that have been established by legislation. The UK GDPR and PECR already require advertising to be done in a manner that safeguards privacy and our agency. The role of the ICO is to enforce these boundaries, not to adapt them to meet the needs of non-compliant advertising firms.

Finally, it is worth underscoring that, in the event of exemptions to cookie consent requirements being adopted, “safeguarding people’s privacy” would ultimately depend on the limits and safeguards in place that underpins those exemptions. The call for views provides some, welcome clarifications over what will not be exempted, but does not at any point clarify what practices may or are being considered to be covered by those exemptions. This does not allow to appreciate the approach, and if and in which manner the ICO is managing to “safeguard people’s privacy” while conducting this call for views.

10 Would you anticipate any of the following negative impacts if any of the capabilities referenced were permitted without PECR consent in circumstances where the ICO considers them to be low risk to people? Please select all that apply:

Increased risk of privacy harm

Please provide any evidence on the likely scale of these negative impacts:

This questionnaire give adtech providers ample freedom to argue in favour of removing consent requirements for a range of purposes, as listed in questions 1-6. From the perspective of civil society and independent experts, instead, the call for views does not provide any proposal whose impact on people’s privacy can be commented upon. Further, the call for views allows industry players to keep their responses as confidential, which could prevent evidence in favour of deregulation to be scrutinised publicly.

Notwithstanding that the “scale of these negative impacts“ can only be measured when a proposal will be presented, it is clear that the design of this call for views presents a very high likelihood to over-represent the views of the adtech industry and, in turn, to underweight the increased risk of privacy harm that could result.

Technical safeguards

12 Are you aware of any technical safeguards to reduce data protection and privacy risks of storage and access of information for the advertising purposes listed above?

Giving legal enforceability to technical signals would allow individuals to express consent for online advertising targeting via browser settings and communicate them persistently as they browse the Internet, thus ensuring that meaningful choices can be made and communicated to adtech providers. This solution would also constitute an effective way to allow individuals to object and opt-out of processing, thus ensuring that they retain choice and agency in an opt-out model of online advertising. Finally, such a system could also be relied upon by parents to set consent preferences via parental controls and thus protect their kids from online tracking.

According to Schedule 12(2) of the Data (Use and Access) Act:

(3) […] the means by which the subscriber or user may signify consent include—
10(a) amending or setting controls on the internet browser which the subscriber or user uses; (b) using another application or programme.

Therefore, powers to amend exemptions to Regulation 6 PECR could be used to give legal enforceability to technical signals.

22 We may wish to contact you for further information on your responses. If you are happy to be contacted, please provide your name and an email address below.

Please provide your name: Mariano delli Santi

Please provide your email address: mariano@openrightsgroup.org