Private data of Irish internet users shared 392 times a day, report claims

17 May 2022

Image: © Rawpixel.com/Stock.adobe.com

The ICCL says the RTB industry is responsible for the ‘biggest data breach ever recorded’ as it tracks and shares user data around 178trn times a year in the US and Europe.

Private data relating to Irish internet users is recorded and shared to a range of companies around 392 times a day, with no way to restrict its use once it is broadcast, according to a report by the Irish Council for Civil Liberties (ICCL).

An ICCL report released yesterday (16 May) said real-time bidding (RTB) is responsible for the “biggest data breach ever recorded”. The report claimed the RTB industry tracks and shares what people view online and their real-world location around 178trn times a year in the US and Europe.

RTB is the process where user data is bought and sold by online advertisers, and determines the ads a person will see when a website or app loads based on their personal data. The ICCL has previously spoken out about this system, saying it can broadcast private information about an individual to more than a thousand tracking companies “in a split second”.

According to the report, the private data of internet users is sent to firms “across the globe, including to Russia and China” constantly, allowing companies create profiles of individuals for advertising. The ICCL estimated that the value of the RTB industry was more than $117bn in the US and Europe last year.

“There is no way to restrict the use of RTB data after it is broadcast,” the ICCL added.

Ireland was the sixth highest country in Europe in terms of estimated RTB broadcasts per day. The UK was top of the list with an estimated average of 462 broadcasts per person per day.

In Germany, which was 13th on the list of European countries, the ICCL said RTB tracks and broadcasts what a person is doing online “roughly once per minute that they are online”.

The ICCL added that Google is the biggest company when it comes to RTB, with 1,058 firms in Europe and 4,698 firms in the US receiving RTB data from the tech giant.

“Google broadcasts data such as what people are viewing or doing on a website or app and their ‘hyperlocal’ locations 42bn times every day in Europe, or 31bn in the US,” the report said.

GDPR complaints

The ICCL has regularly criticised the online advertising industry’s practices, and specifically RTB, over data privacy issues. It has also criticised Ireland’s Data Protection Commission (DPC) for how it handles GDPR complaints against Big Tech.

In March, ICCL senior fellow Dr Johnny Ryan issued a High Court challenge to the DPC over claims the watchdog failed to fully investigate a complaint about Google’s RTB system, which Ryan claimed is in breach of GDPR.

Ryan told an Oireachtas Joint Committee last year that the DPC had failed to resolve 98pc of cases important enough to be of concern across the EU and that the country had become a “bottleneck of GDPR investigation and enforcement”. He also made a complaint to the EU Ombudsman, alleging that the European Commission had failed to properly monitor the DPC’s application of GDPR in the country.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic

editorial@siliconrepublic.com