Evidence of AdTech Data Breach Comes to Light in Ireland

Laura BednarCybersecurityLeave a Comment

Online Ad Tech Data Breach

The Irish Council for Civil Liberties (ICCL) has published evidence of online advertisers profiling internet user’s personal characteristics without consent. This new evidence follows a previous complaint with the Ireland Data Protection Commission that claimed personal data was being exploited through Real-Time Bidding (RTB).

Many of these types of complaints were filed with regulators in the European Union (EU) without a resolution. How the average consumer’s data is being used without consent should alarm any tech user, especially in a union where GDPR laws have been passed.

What the Report Found

In the dossier the ICCL created, several shocking statistics were found regarding how Google and the Internet Advertising Bureau collect information and target users specifically. These facts included:

  • Through Google’s RTB system, user data is sent to 968 companies
  • The IAB’s system for RTB allows users to target 1,300 people in Ireland who were identified as being in the “AIDS and HIV” category. This category was the result of a data broker profile, and this broker also had categories for “Brain Tumor” and “Depression” among others.
  • A data broker that collects RTB data tracked the movements of people in Italy to monitor if they followed COVID-19 lockdown procedures.

The type of information that RTB is harvesting, in some of the evidence from the report, is considered “special category data.” Under the GDPR laws, this type of data includes anything that reveals a subject’s race, political opinions, religious beliefs, data concerning health, and sexual orientation. In order for a company to process this information to create ads or for other purposes, they need explicit consent from the user.

Security Concerns in Europe and Beyond

Real-Time Bidding occurs in the background of websites and apps. Advertising inventory is bought and sold using this tool on a per-impression basis. Basically, advertisers bid to have their ad shown on the page and whoever bids highest gets the spot. This all happens in a matter of seconds but the effect is long-lasting.

This form of advertising accumulates detailed and confidential data that is tailored to a user’s behavior online. It doesn’t stay with the company that won the bid either, it is shared with other companies for use. The report stated that one ad exchange using the Internet Advertising Bureau RTB system sends 120 billion RTB broadcasts per day. This is a 140% increase since the original complaint about RTB was placed with the Ireland Data Protection Commission in 2018.

Responding to Breaches with Protection

The Data Protection Commission claimed that they are investigating whether or not Google has a lawful basis for processing personal data for the purpose of targeted advertising and the sourcing, sharing, and combining of personal data with other companies. They are also reviewing how Google complies with their transparency obligations as well as portions of the GDPR.

The complaint about RTB has been out there for two years without action. While investigations continue, more personal data is collected every day. At SecureData, we pride ourselves on our data security habits. We do not share your information with anyone outside of the company and don’t use a third-party during data recoveries, meaning your device stays within our SSAE 18 Type II Certified environment.

Data breaches and other cybercrimes that result in exposed special category data are serious and need to be addressed as soon as possible. Our digital forensics team can find the source of a data breach, end it, and find out what information was compromised. SecureData offers secure practices in every service we offer and are dedicated to our client’s security. Learn more about our data security products and services at https://www.securedata.com/.