How many times do you think your privacy gets violated every day you spend surfing the web? Maybe once? Twice? A few dozen times? It turns out that daily number is in the hundreds, according to a new report from the Irish Council for Civil Liberties (ICCL). On average, a European user’s data is shared with advertising and adtech middlemen 376 times per day—and for Americans, it’s double that: 747 times daily, the report reads.
That’s how often people online across the world are exposed to a little-known process called “real-time bidding,” or RTB, the ICCL says, citing figures from a “confidential” source. RTB is the process that advertisers use to place bids on advertising slots on a page, auction style. Every time you load up a webpage, there’s a span of about 200 milliseconds where the webpage shares data about you and your browser. Then advertisers offer a dollar amount to target their ads towards that bundle of data. The highest bidder takes the slot, and their ad appears to you. RTB happens on your desktop, in your mobile browser, inside apps, or really anywhere ads are found.
It turns out the number of times a person’s browser might be inadvertently forwarding their data depends on where that person is based. The ICCL’s report is the first one out there that actually tries to quantify the number of these requests by state in the U.S., and by different territories within the E.U. On American soil, Colorado users were firing off the most RTB requests at a whopping 987 per day, while those in Washington, D.C. only sent off 486.
Considering how an RTB request gets fired off with every ad a person sees, you could consider these numbers as a proxy for the number of ads people are seeing per day, too. When the report says folks in California are firing off 804 RTB requests per day, those requests are tied to an ad each—which means Californians are seeing around 800 ads per day across different surfaces, too. In New York, where Gizmodo is based, folks are seeing 814 ads per day, on average.
More often than not, talking heads in the adtech industry will say the data that RTB sent back to these adtech players isn’t necessarily “identifiable”—or tied to, say, specific details like your name or your email address. Instead, these bid requests typically contain your IP address or your location among other so-called “anonymous” details, which, aren’t really as “anonymous” as industry figures think. Immigrants have been prosecuted and religious figures forced out of the closet based on data that could easily be obtained from the bid requests that those people were unknowingly passing from their apps and browsers every day.
Europe’s privacy legislation might not be perfect, but it’s still one of the strictest on the planet, which means that the ads a person in the E.U. sees might be leaking as much data as in the U.S. Even the “worst” on the list of hubs across the pond was the United Kingdom, and the average user there was found to be sending off 462 RTB requests per day—less than half their Colorado counterparts.
Those hundreds and hundreds of daily requests sent out are a conservative estimate of what’s actually being broadcast from our devices, however. Out of all the middlemen in the online ad ecosystem, Facebook, Amazon and Google—the so-called “triopoly”—support the lion’s share of these RTB transactions. But the ICCL’s report exclusively looked at Google’s activity, omitting the other two entirely.
Even one company is bad enough; as part of the hundreds and hundreds of bid requests we’re sending out every day, the ICCL estimates that Google’s passing off that data to roughly 4,700. middlemen, all operating with relatively little scrutiny. But considering how European data watchdogs are opening probes into the RTB process left and right, it looks like these orgs won’t be operating in the shadows for too much longer.