UK Web Users’ Data ‘Shared 987 Times Per Day’

Data on most internet users is shared hundreds of times per day through the online advertising industry’s real-time bidding system, a new study has suggested.

The report from the Irish Council for Civil Liberties (ICCL) found the average European internet user’s information is shared 376 times per day, rising to 747 times for US-based users.

The US state of Colorado and the UK were amongst the most targeted by internet ad bidding, with their information shared respectively 987 times and 462 times per day, according to the report.

The ICCL said its figures are based on a 30-day feed from Google, which is made available to industry but not to the public.

‘Data breach’

And it said the figures are a low estimate – in part because they don’t include information from two of the biggest players in online ads, Facebook owner Meta and Amazon.

The ICCL is currently engaged in legal action with the online ad industry and the EU’s Data Protection Commission, describing the real-time bidding (RTB) system as an epic data breach.

Web users have never explicitly given consent to the system, which should make it unlawful under EU data protection laws, the ICCL argues.

“RTB is the biggest data breach ever recorded,” it said in the study. “It tracks and shares what people view online and their real-world location 294 billion times in the US and 197 billion times in Europe every day.”

In areas at the bottom of its chart, such as the US’ District of Columbia and Romania, a user’s information is still shared on average 486 times per day or 149 times per day, respectively, the report found.

Personal information

“Europeans and US Internet users’ private data is sent to firms across the globe, including to Russia and China, without any means of controlling what is then done with the data,” the ICCL said.

Google, the biggest RTB player, allows 4,698 companies to receive information on people in the US, while Microsoft – which bought adtech firm Xandr last year – says it may send information to 1,647 companies.

“Every day the RTB industry tracks what you are looking at, no matter how private or sensitive, and it records where you go. This is the biggest data breach ever recorded. And it is repeated every day,” said ICCL senior fellow Dr Johnny Ryan in a statement.

The data typically includes information such as the device viewing the web content, its location and prior browsing history.

Individual profiles

Privacy advocates say that while the information is anonymised, data brokers can easily build profiles targeting particular individuals by assembling data from different sources.

Following a leaked US Supreme Court opinion earlier this month, suggesting that it plans to overturn abortion rights in the country, privacy campaigners warned online data could be used to target those who seek or provide soon-to-be-illegal termination services.

The ICCL said data brokers have used the ad information to profile Black Lives Matter protestors, while the US Department of Homeland Security and other agencies have used it for warrantless phone tracking.

Privacy controls

Google said it is investing in new technologies to “build privacy-forward advertising solutions” and “eliminate tracking” across the web.

The company said in a statement it sets “industry-leading safeguards” on the use of data for real-time bidding with “stringent restrictions” on how it is shard with advertisers.

“We don’t share personally identifiable information and we also don’t show ads based on sensitive information, such as health, race, or religion,” the company said.

“We require publishers to prove they have people’s consent before showing any personalised ads and have done for many years.”