Ad tech companies share your online behavior and location with advertisers an average of 747 times a day in the US, and 376 times a day in Europe, according to a report by a civil liberties group. It describes the practice as the biggest privacy breach in the world.
The report says Google is the biggest offender, using a process called real-time bidding (RTB) to let advertisers target internet users by browsing behavior and locations …
What is real-time bidding?
When you see an ad on a website, that ad may have been automatically booked just milliseconds before you see it.
The way this works is supposed to be innocuous. Let’s say you visit a website about things to see in Boston, and Google has the contract to sell ad space on that site. The fact that you visited the site means Google knows you’re interested in visiting Boston.
Your IP address can also be used to determine your general location. So Google’s automated ad-selling software can announce, “We have 100,000 people from the West Coast of the US who are interested in visiting Boston – how much will you pay to display an ad to them?”
Advertisers interested in this audience will already have entered details into Google’s ad-sales system, stating the amount they are willing to pay for ads to various target groups. Google finds the company with the highest stated amount and then displays their ad.
What’s the privacy problem?
Although advertisers don’t know your identity, ad tech companies can gather information from your browser that reveal much more than your location and the specific website you are visiting.
As the Financial Times reported back in 2019, privacy regulators have expressed concerns that cookies are used to collect data on a whole range of websites visited by people, and that this can be used to create a detailed profile – which may be illegal in some countries.
To gather more data, companies often send browser data to third parties for data enrichment, to be able to build a profile of a person’s potential value to advertisers.
“The scale of the creation and sharing of personal data profiles in [real-time bidding] appears disproportionate, intrusive and unfair, particularly when in many cases data subjects are unaware that this processing is taking place,” the report said.
Specifically, the report found that companies were illegally collecting and bartering in special category data, which requires the explicit consent of the data subject. This could include a person’s race, sexuality, health status or political opinions.
Although the data is not tied to a specific identity – that is, nobody involved knows your name – it can be tied to a profile representing an individual.
Who shares details of your online behavior and location?
The ICCL says that Google makes the greatest use of RTB, and Microsoft is another large player. The organization wasn’t able to measure RTB usage by Facebook and Amazon.
The report’s figures are likely a conservative estimate of the full extent of RTB since the ICCL includes the caveat that: “[T]he figures presented for RTB broadcasts as a low estimate. The industry figures on which we rely do not include Facebook or Amazon RTB broadcasts.”
Per the report, Google, the biggest player in the RTB system, allows 4,698 companies to receive RTB data about people in the U.S., while Microsoft — which ramped up its involvement in RTB in December last year when it bought adtech firm Xandr from AT&T — says it may send data to 1,647 companies.
If you want to see the breakdowns by US state, and European country, you can do so in the report.
MARKETING Magazine is not responsible for the content of external sites.