This is a report that can become a landmark. Irish NGO ICCL (Irish Civil Liberties Council) published a paper yesterday that shows for the first time the incredible amount of data sharing that goes on in programmatic advertising.
“RTB” (for real time trading) is a technique widely used to track your online habits: By tracking the sites you visit and your location, companies – led by Google – can create a very accurate profile… which is then used to serve targeted ads on the Web. The giant market, estimated by ICCL at 117 billion euros in 2021, is in the US and Europe alone.
The problem is that in order for these ads to be relevant and make you want to click, you need to collect a huge amount of data. ICCL was able to access a staggering figure through a confidential source in the advertising industry. They show the extent to which, without realizing it, we deliver information to companies every minute, which then exchange it.
Thus, according to ICCL, information about the behavior of the Frenchman in the network is transmitted on average 340 times a day, or more than four times a minute. This is already quite a lot, but less than the average for Europe (376 times) and, above all, for America. A user in the United States sees their activity shared at least 747 times on average! Why such difference? This can probably be explained by the GDPR, a European regulation that requires all of these entities to obtain your consent before transferring your data.
Online, these numbers are dizzying. Every day there are 197 billion programmatic promotions in Europe and 294 billion in the US. It should also be noted that this is a low range, as ICCL did not have access to figures from Facebook and Amazon, who are big RTB experts themselves.
Why is it serious?
You might think that this is not bad. After all, this bulk sharing is only used to display innocent ads in the corner of a website, and besides, it’s not information that allows you to be identified. This would be wrong.
First, because this information goes from hand to hand a lot. In Europe, again according to an Irish NGO, Google – the industry leader – provides 42 billion shares daily to more than a thousand third-party companies. Sometimes obscure companies, some of which have their headquarters in China or Russia. And once your data has been transferred, “there is no way to limit its use” explains ICCL in his report.
However, many recent cases prove that third parties can use them not to show you ads, but for much more dubious purposes.
The example of Mobilewalla perfectly illustrates the dangers of this opaque market. This ” data broker (DMP, in jargon) can collect data from 1.5 billion terminals in 30 countries through free smartphone apps. A treasure that he then “sells” to partners…sometimes dubious.
In one article, WSJ explained at the end of last year how the data recovered by MobileWalla ended up in the hands of US federal agencies such as the Department of Homeland Security or the IRS, the agency in charge of collecting taxes… and was used to localize smartphones, in the US and abroad.
Incredible data traffic: MobileWalla simply – and apparently without malicious intent – transferred its data to another company called Gravy Analytics, which finally transferred it to its subsidiary Venntel. Venntel, a very reserved company (its website confirms this), has signed many contracts with US federal agencies.
We could give many other examples, such as the case of this gay priest who was forced to retire after being trapped in geolocation data collected by the dating app Grindr.
ICCL wants to end what she calls ” biggest data breach and moves to it on the legal front. Several complaints are pending. The most recent attacks are on the DPC (Irish Cnil), which the organization believes would not pay much attention to its requests to investigate Google.
Source : ICCL report