“The big data leak”: your personal information shared hundreds of times a day

The big data leak your personal information shared hundreds of

This is a report that could be landmark. The Irish NGO ICCL (Irish Council for Civil Liberties) released a document yesterday that, for the first time, shows the incredible extent of data sharing that occurs in programmatic advertising.

The “RTB” (for real time bidding) is a technique widely used to track your online habits: by monitoring the sites you visit, your location, companies – Google in the lead – are able to establish a very precise profile… which is then used to serve targeted advertising on the Web. A gigantic market, estimated by ICCL at 117 billion euros in 2021, in the United States and Europe alone.

The problem is that for these ads to be relevant and make you want to click, you have to collect a gigantic mass of data. The ICCL was able to have access, through a confidential source in the advertising industry, to staggering figures. They show to what extent, and without our realizing it, we deliver information every minute to companies which then exchange it.

5421e4c4ca49d4bf67140ce5df678

Thus, the online behavior of a French person is shared 340 times a day on average, or more than four times a minute, according to figures from the ICCL. This is already a lot, but less than the European average (376 times) and above all the American one. A user in the United States sees his activities shared no less than 747 times on average! Why such a difference ? This can probably be explained by the GDPR, the European regulation which obliges all these actors to obtain your consent before siphoning off your data.

Web-wide, those numbers get dizzying. Every day, 197 billion shares related to programmatic advertising are made in Europe, and 294 billion in the United States. It should also be noted that this is a low range, the ICCL not having had access to figures from Facebook and Amazon, themselves major specialists in RTB.

Why is it serious?

You might think that’s not a bad thing. That after all, this massive sharing is only used to display innocent ads on a corner of a website, and that in addition, it is not information that allows you to be identified. It would be wrong.

Firstly because this information circulates a lot from hand to hand. In Europe, still according to figures from the Irish NGO, Google – leader in the sector – carries out 42 billion shares every day to more than a thousand third-party companies. Sometimes obscure companies, some of which have their headquarters in China or Russia. And once your data has been shared, “there is no way to restrict its use” explains the ICCL in its report.

However, many recent cases prove that it is possible for third parties to exploit them not to display advertising to you, but for much more dubious purposes.

The position of a smartphone

The example of Mobilewalla perfectly illustrates the dangers of this opaque market. This ” data broker (DMP, in the jargon) is able to collect data from 1.5 billion terminals in 30 countries, through free smartphone applications. A treasure that he then “sells” to partners…sometimes dubious.

In one article, the WSJ explained at the end of last year how the data recovered by MobileWalla had ended up in the hands of US federal agencies, such as the Department of Homeland Security or the IRS, the agency in charge of tax collection… and had been used to locate smartphones, United States and abroad.

Incredible data traffic: MobileWalla had simply – and apparently without malicious intent – ​​transferred its data to another company, called Gravy Analytics, which had finally transferred it to its subsidiary, Venntel. Venntel, a very discreet company (his website is proof of that) which has signed many contracts with US federal agencies.

One could cite many other examples, such as that of this homosexual priest, forced to resign after being trapped by the geolocation data collected by the dating application Grindr.

The ICCL wants to put an end to what it calls ” biggest data leak and gets down to it on the legal front. Several complaints are pending. The most recent attacks the DPC (the Irish Cnil) which according to the organization would have paid little heed to its requests for an investigation into Google’s practices.

Source : ICCL report

1nc1