Every time we click and swipe our way through the internet, our data is being collected in ways that are not visible or incomprehensible for us – the users. Data sits in all the veins of digital services and is a goldmine for advertisers bitting for our attention in ongoing online auctions that happen in real time and in milliseconds (thus the name of the system; Real Time Bidding, RTB). As we click and swipe, potential bidders can thus find out details about us and micro-target us based on their knowledge about us. Our location, birthday, the unique number associated with our mobile devices, our interests, dreams and deepest wishes.
According to Belgium’s privacy regulator, these “tactics Google and other large online-ad players use in digital ad auctions violate European Union privacy law”. According to Politico this is what they wrote in an internal, preliminary report recently published in October 2020.
And it’s not all about Google. According to the Wall Street Journal October 2020, the preliminary report focused on the European arm of the Interactive Advertising Bureau (IAB). IAB is “an online ad trade group that the investigators said is responsible for how its member companies buy, sell and use individuals’ data in digital ad transactions”. Belgium claims jurisdiction over IAB Europe, because they are based in Belgium.
But Belgium is not the only country that puts RTB and it’s main actors under the looking glass.
Ireland, the UK and Many Other Countries
The first RTB complaints were filed in the UK and Ireland in the autumn of 2018. Behind the compliant was among others Dr Johnny Ryan who worked with the private web browser, Brave, back then. On their website it reads: “Every time a person visits a website and is shown a “behavioural” ad on a website, intimate personal data that describes each visitor, and what they are watching online, is broadcast to tens or hundreds of companies. Advertising technology companies broadcast these data widely in order to solicit potential advertisers’ bids for the attention of the specific individual visiting the website”.
On top of that Dr Ryan concluded: “There is a massive and systematic data breach at the heart of the behavioral advertising industry. Despite the two year lead-in period before the GDPR, adtech companies have failed to comply. Our complaint should trigger a EU-wide investigation in to the ad tech industry’s practices, using Article 62 of the GDPR. The industry can fix this. Ads can be useful and relevant without broadcasting intimate personal data”.
Big business, Big data – Big thing!
If the judges agree with him and the other complaints time will tell. And it’s a big thing – because it’s a big business. IAB Europe claims that some 6.7 billion euros, equivalent to $7.85 billion, were spent last year on real-time, online ad bidding. Google being one of the dominant forces in online advertising. With so much data being pushed around, consumers are in need of regulaters’ looking out for their fundamental privacy rights.
Go read the timeline
And, right now regulators all across Europe is investigating whether the the real-time ad bidding system is in conflict with GDPR, as the Belgians believe. And it really is ‘all across Europe’. According to Brave the cases are piling up – and you can read a full timeline of all the cases in europe about – what they call – the biggest data breach in history.
”Every day, the online ad industry broadcasts what every Internet user reads and watches to thousands of companies, hundreds of billions of times a day. Together with 21 privacy activists and organizations, Brave is using the GDPR to end it”.
Maybe it is very well following these cases, as perhaps – or should I write ‘hopefully’ – it could change the digital economy, as we know it.
Also read this report from the UK’s data authorities on the ad tech industry concluding: What we found was an industry that understood it needed to make improvements to comply with the law.
And the German competition authorities and their work here