Global Chaos as Microsoft Outage Disrupts Critical Services

View All

Case Studies

Securing Cyber-Physical Systems for a Defence Manufacturer

View All

Upcoming Events

LEMA Summit 2024

View All



Hybrid Theory Algorithmic Impact Assessment Case Study

3rd Jun, 2021

Hybrid Theory are a global advertising company that provide technology services to help brands ensure that online website users receive advertisements that are relevant to their interests. Since 2019, Gemserv Ltd. has acted as Hybrid Theory’s outsourced Data Protection Officer, which involves advising on data protection compliance in various jurisdictions.

The Challenge

Hybrid Theory worked with Gemserv to conduct an Algorithmic Impact Assessment (AIA) for their advertising engine. This was needed to take advantage of the compliance and reputational benefits that aligning to the ICO’s AI auditing framework would provide.

The challenge involved a high-tech internally developed AI system to assign labels to data sets (mostly consisting of user browsing history). These user segments help with identifying website user demographics and allow advertisements to reach their intended audience.

Our Approach

Using a methodology developed by Gemserv and aligned to the ICO’s framework, Gemserv’s AIA involved examining the risks associated with the system, training and testing of data used in the AI system, the outcomes (in the form of profiles and recommendations) produced by such systems, and security controls around databases used.

Gemserv deployed consultants from the Cybersecurity & Privacy and Digital Services teams, with skills in data protection compliance, information governance, data science and software development. They conducted an audit through a series of interviews with the Chief Technology Office, Head of Products and other staff, and examined core documentation and policies used in the design and operation of the AI system.

The Results

Following the assessment, Gemserv were able to propose several recommendations, particularly focused on ensuring accuracy and non-bias in AI scoring systems, and the existence of controls for supporting individual rights over their data.

These included supporting Hybrid Theory with a governance and change management mechanism for the introduction of new AI systems, further access and other security controls on the AI database, and ensuring that no sensitive or children’s data is used in creating user profiles used in online advertising. The implementation of such controls allowed Hybrid Theory to build ethics by design into its advertising engine, ensuring the organisation took advantage of the reputational benefits by staying ahead of its competitors with regard to building ethics and trust.