Recent reports from a civil liberties group indicate that ad tech companies share your online behavior and location with advertisers an average of 747 times a day in the U.S., and 376 times a day in Europe, a major privacy breach. The group stated that this may be one of the largest privacy breaches in the world.
Google is the largest offender. The company uses a process known as real-time bidding (RTB) to let advertisers target internet users through browsing behavior and locations.
Originally cited by TechCrunch, a report compiled by the Irish Council for Civil Liberties (ICCL) noted that “Google and other key players in the high velocity, surveillance-based ad auction system are processing and passing people’s data billion of times per day”.
The ICCL argues that RTB is one of the largest data breaches ever.
Civil Liberty Group Warns of RTB Privacy Breach
What exactly is real-time bidding, or RTB?
Anytime you see an advertisement on a website, the ad itself was likely automatically ordered before you see it. How this works is that Google has developed a bidding system for its advertisers.
Say you are looking at a website for things to do in Las Vegas. If Google has a contract to sell ad space on the site, the website tells Google that you have an interest in Las Vegas. Your IP address determines your general location, so Google’s automated ad-selling software will inform advertisers that they have X amount of people in an area interested in Las Vegas, the advertisers then place a bid to win the ad space.
To make this process as fast and automated as possible, advertisers that show an interest may have stated the amounts they are willing to pay for ad space beforehand. The highest bid wins, and the winner’s ad is shown to the user. It is sort of similar to an army of bots sniper-bidding for the latest tech on eBay. However, instead of a new PS5, it’s your personal data.
Though advertisers are unsure of your identity, ad tech companies are able to gather information from your browser that reveals more than just your location and the browser that you are using.
A 2019 report by The Financial Times reveals that privacy regulators have concerns that cookies may collect data on a whole range of websites people visit. The collected data is then able to create a detailed profile, a practice that may be illegal in some countries.
The Financial Times explains that companies attempting to gather more data often send browser data to third parties for “data enrichment,” which helps build a profile of a person’s potential value to advertisers. The publication additionally stated that the scale of the creation and sharing of personal data profiles within RTB is “disproportionate, intrusive and unfair.”
They further stated that this is especially true due to the fact that many subjects are unaware that the process is occurring.
The report by The Financial Times also indicates that many of these companies are collecting and bartering specific category details through illegal means. Often, this specific data requires consent from the data subject. Examples of this type of information includes a person’s race, health status, sexuality and political opinions. While the data never links to a specific identity, meaning no one knows your name, it is possible for the data to tie to a profile that represents an individual.
According to the report by the ICCL, it is Google and Microsoft that makes the greatest use of RTB. However, it is worth noting that within the acknowledgements of the report, the ICCL indicates that they did not look at the RTB broadcasts of Facebook and Amazon, two companies that no doubt utilize RTB.
You can read the full report from the ICCL here.