Digital ad industry accused of 'world's largest data breach'

(Image credit: Pixabay)

The Irish Council for Civil Liberties (ICCL) is suing a branch of the Interactive Advertising Bureau (IAB) and the broader online marketing industry, accusing it of facilitating "the world's largest data breach.” 

The New York-based IAB Tech Lab develops standards for the digital ad industry standards, and counts the likes of Facebook, Google and Amazon as members.

The case, which has been filed by ICCL’s Dr. Johnny Ryan, a former advertising industry professional turned privacy advocate, revolves around the auctioning of ad space while a webpage loads, known as real-time bidding. 

"Every time we load a page on a commercial website or use an app, the website or app tells tens or hundreds of companies all about us, so that their clients can decide whether to bid on the opportunity to show you an ad," Dr. Ryan told the BBC.

Real-time bidding

Real-time bidding refers to the buying and selling of online ad impressions through auctions conducted in the time it takes a webpage to load. 

While a page loads, real-time bidding helps facilitate the sharing of various details gleaned from the device the web page is loading on, including its location, along with information about previously visited websites.

"These bid requests include inferences of your sexual orientation, religion, what you're reading, watching, and listening to, your location," says Dr. Ryan.

Although the advertising industry claims that the targeted individual isn’t personally identified, critics like Dr. Ryan argue that the sheer volume of information still constitutes a violation of privacy, especially since the average person isn’t aware about the amount of data that is shared about them, and with whom.

This isn’t the first time Dr. Ryan has taken action against the use of real-time bidding. He tells the BBC that he first filed the complaint with the Irish Data Protection Commissioner's Office in May 2018, but that investigation is still continuing. He’s also lodged complaints with information commissioners in other EU countries as well.

“The amount of data advertisers have on us might shock most people but we can still still limit the amount we share and try and control further information being used," noted Jake Moore, Cybersecurity Specialist at ESET.

"Our data is continually analysed and profited from by many technology firms but it is possible to reduce this by learning specific settings within the accounts and not sharing sensitive information that isn’t crucially required for the application to function."

"Before we part with our personal information, our data is our responsibility but unfortunately many companies still do not fully understand how to protect our personal data online or worse still, they share such data with third parties without our direct knowledge. We must start restricting the amount of data we share with companies now to help reduce problems in the future where any company, government or third party could potentially learn every single private detail about us.”

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.