Adtech and data privacy: Balancing compliance and innovation

By  Rishi Agrawal

The world of advertising has evolved over the last decade, driven by the vast digital footprints consumers leave behind. Adtech plays a pivotal role here, using an agglomeration of advanced tools such as demand-side, supply-side and data management platforms to create targeted digital advertising campaigns. By analysing browsing history and online behaviour, advertisers can now predict what consumers are looking for by targeting, profiling and classifying them. Technology has made it possible to pinpoint these factors with greater precision than ever before, by making ad campaigns effective on the basis of what to show, whom to show it to, and when to show it. However, determining consumer needs and behaviour is no simple task. It requires sophisticated tools and careful analysis to ensure ads resonate without overstepping privacy boundaries. While these advancements have made advertising budgets efficient, there is also the risk of companies going too far. Some may misuse data, leading to ethical concerns about consumer privacy. This delicate balance between innovation and responsibility is where the future of advertising lies. As digital interactions grow, so does the need to establish clear guidelines that protect consumers while still allowing businesses to innovate and reach their audience effectively.

In India, adtech is guarded by the provisions of the IT Act, 2000, Advertising Standards Council of India (ASCI) Guidelines, Consumer Protection Act, 2019 and Telecom Regulatory Authority of India Guidelines juxtaposed with still-evolving regulations around data protection. However, with an emphasis on consent-based practices due to the DPDP Act, advertisers are rethinking their approaches as current data hoarding practices will soon become redundant. Privacy-led marketing is becoming increasingly important as consumers grow more aware of how their data is being used.

To illustrate how big tech companies and data fiduciaries extract data, consider how they use cookies and device IDs. A user might allow a website to track their activity through cookies, aware they are consenting. Yet, data-driven big techs can stretch beyond permissions, gathering behavioural data across devices to generate detailed consumer profiles. In a seemingly innocent conversation with a smart speaker or voice assistant, or generally around our devices with microphones, we might mention a product. Later, we encounter highly relevant ads for the same item on social media. This phenomenon, powered by massive data processing infrastructure, reflects how companies blur the line between seeking explicit consent and using implicit data collection mechanisms.

Globally, regulations such as the European Union’s General Data Protection Regulation (GDPR) have already demonstrated the risks and penalties associated with non-compliance. In India’s context, adtech platforms have relied heavily on such ‘implicit’ consent, raising serious questions about consumer rights and privacy. As the DPDP Act takes hold, these practices will come under greater scrutiny. Companies will be forced to rethink how they collect, store, and process data, moving away from the “data hoarding” practices of the past. The ramifications for non-compliance are severe, ranging from financial penalties to reputational damage. For instance, big tech giants and e-commerce platforms, which rely heavily on personalised advertising, will face the challenge of navigating this new regulatory landscape. In Europe, one of the biggest social media giants, has already been fined for violating GDPR by improperly managing user data. In India, similar enforcement could be expected, especially if companies fail to comply with new norms that emphasise transparency and consent.

While the emphasis on data privacy is a positive development, it also presents significant challenges for companies operating in the ad tech space where building consumer trust in a privacy-conscious market becomes utterly paramount. With stricter privacy laws, where ad tech companies face restrictions on personalised ads, retargeting, and behavioural tracking, which are key drivers of revenue, there arises a need for companies to be innovative with their approaches by exploring non-intrusive or contextual advertising. Emerging technologies could help achieve that. For example, AI-driven algorithms could process data in a way that maintains consumer anonymity while still delivering relevant ads. By leveraging privacy-first frameworks, companies can not only ensure compliance but also foster deeper relationships with their customers. For instance, big tech companies are experimenting with privacy-focused technology designed to replace third-party cookies, which have traditionally been used to track users’ browsing behaviour for personalised advertising. These work on the principle of assigning users to broader categories or topics based on their recent browsing activity which could include categories like fitness, travel or technology rather than tracking users across multiple websites. Such technologies carve a potential path forward for balancing targeted advertising with privacy concerns.

Striking a balance between the burden of compliance with the demands of adtech innovation is no small feat. Adtech companies are under constant pressure to adapt to privacy-driven regulations while still delivering cutting-edge solutions that drive business growth. As companies innovate, regulators are focused on creating a framework where data privacy is protected without stifling technological progress. Through a collaborative effort between companies and regulators, India can pave the way for a regulatory environment that encourages privacy-first ad tech innovation while enabling businesses to deliver value to consumers.

The author is CEO and Co-Founder of Teamlease Regtech. (Views expressed are the author’s own and not necessarily those of financialexpress.com)