Did you know that your personal data, your location, browsing history, and even your shopping habits, can be sold to the highest bidder in milliseconds? This hidden world of data brokers and real-time bidding (RTB) fuels a massive surveillance ecosystem, and California is taking steps to fight back.
Last Thursday, our founder Gina joined the Techstrong Gang. One topic they discussed was California’s new DROP (Delete Request and Opt-out Platform) law, which gives its citizens a way to fight this information collection. She initially questioned the personal information required for registration, but the question remains: is that risk worth it?
How data brokers collect personal information
404 Media provides explains how data brokers operate, focusing on apps ICE uses. According to the article, data brokers collect personal data through two main methods:
- Historically, app builders inserted code into their Software Development Kits (SDKs) to collect user data for RTB. Even harmless apps, like weather apps, can collect data such as location. Data brokers paid developers for location data collected through these apps.
- The other method is real-time bidding (RTB). Marketers use RTB platforms to bid for on impressions (ad views) to place ads tailored to specific audiences. Think of times when you’ve been to a website with ads on the page. As soon as you land on the page, the system instantly sends an ad request to platforms like Google, Microsoft, or LinkedIn.
As Kiri Masters a retail media industry analyst & commentator, puts it, RTB is like a “booking.com” for online ads.
The mechanics of real-time bidding (RTB)
Those ads seem so relevant to you because companies target you using the “anonymous” information they have gathered, such as your device type, IP address, zip code, GPS location, and browsing history.
The SSP (Supply Side Platform) creates the bidstream data, gleans your information and packages it into an RTB bid request. Finally, it sends it to an Advertising Exchange, who then shares the data with DSPs (Demand Side Platforms). The DSPs work on behalf of their clients and decide whether to bid for the ad space. Whoever wins the auction provides the ad you see.
Machines complete this entire exchange automatically in milliseconds, and you never even realize it’s happening. For my marketing friends, here are the Google applications that make up their RTB platform:
| Advertising Exchange | Google AdX |
| SSP | Google Ad Manager |
| DSP | Display & Video 360 |
epic.org has a great in-depth analysis of how the ecosystem works.
What are the privacy dangers of RTB?
The Electronic Freedom Foundation (EFF) highlights a major vulnerability of RTB: all participants in the auction receive user data, not just the winning bidder. This means your personal information is widely shared, often without your knowledge. This widespread sharing of data increases the risk of misuse and makes it nearly impossible to track who has access to your information.
In addition to privacy concerns, RTB creates financial incentives for companies to collect even more data. The more personal data included in a bid request, the higher the bids it attracts. This creates a dangerous incentive for websites and apps to collect as much data as possible.
Holes in the system
Data brokers don’t need to place ads to collect and resell information. For example, Mobilewalla collected data on over 1 billion people, mostly through RTB actions. They enriched this data to create custom audience segments, such as pregnant women, Hispanic churchgoers, and members of the LGBTQ+ community.
This data was resold to other brokers and eventually to government agencies like the FBI, CBP, and ICE. Real-time bidding enables mass surveillance. As the EFF puts it, “RTB is a surveillance system at its core, presenting corporations and governments with limitless opportunities to use our data against us.”
Isn’t collecting our data without our knowledge illegal?
Getting back to the 404 article and ICE, you’d think the United States has laws against collecting personal data without permission. But the ACLU found that ICE believes they are justified in not seeking a warrant to use this information, because “Under longstanding Supreme Court precedent, an individual has no reasonable expectation of privacy under the Fourth Amendment in information voluntarily disclosed to third parties.”
The Fourth Amendment protects us from unlawful searches and seizures, and that includes your cell phone. But, if you’ve downloaded an app that participates in sharing your personal data on the real-time bidding network, the government believes you have waived your reasonable expectation of privacy, and that they have lawfully acquired your information by purchasing it from a data broker. (Carpenter v. United States, ACLU article).
How to protect your personal information from real-time bidding (RTB)
While RTB and data brokers operate largely behind the scenes, there are steps you can take to protect your personal information.
- Check your apps and review their permissions.
- Turn off location information when possible. This McAfee article provides a helpful checklist of what to do to protect your information, as does this article.
- California residents can register for the DROP platform to delete their information from the marketplace.
Final Thoughts on Real-Time Bidding (RTB) and Data Privacy
The world of data brokers and real-time bidding is complex. Its impact on our privacy is something everyone, marketers, technologists, and business leaders alike, need to understand. Laws like California’s DROP platform are a step in the right direction, but protecting your own data starts with small, proactive steps like reviewing app permissions and limiting location sharing.
Stay informed about how data privacy, marketing, technology intersect by following Digital Sunshine on LinkedIn, and catch Gina live on the Techstrong Gang Thursday mornings.
