Spaniards are scrutinized 426 times a day on average by Google to obtain information about their location and their activity on the Internet. So it reveals an investigation carried out by the Irish association Irish Council for Civil Liberties (ICCL) from a leak, which also shows that the average number of daily intrusions among European citizens is 376 (Spain is above) and among Americans, 747, almost double. Asked by this newspaper, Google defends that it does not share information that can personally identify users, but it does not deny that it collects large amounts of relevant data about them on a daily basis.
The data referred to in the ICCL study is used for auctions in real time (real-time bidding, RTB) of advertising spaces. This is the system that Google uses to sell advertisers the advertising spaces that we see while we browse: bannervideos, pop up… Its tool, which was a revolution for the advertising market, is the touchstone of so-called targeted or personalized advertising, the one in which each user is shown ads according to their affinities or browsing history. It is estimated that in 2021 this mode of advertising generated revenue of around 112,000 million euros in the US and Europe alone.
ICCL research provides figures that give an idea of the magnitude of surveillance associated with this model. The real-time auction system means that the situation and activity of European and American users is checked 178 billion times a year. In the case of the Germans, who are monitored 334 times a day (much less than the Spanish), this means that a photo of their activity is taken for every minute they spend online. All this data, which includes sensitive user information, is sent to 4,698 companies around the world with which Google has collaboration agreements. This includes companies from China or Russia, whose standards of respect for privacy do not exactly coincide with those of the EU.
Google is not the only technology that participates in this game, as sources from the company itself remind this newspaper. The ICCL report does not mention Facebook and Amazon, the former being the great market leader along with the search engine, although it does include Microsoft.
One of the problems with extracting this type of data is that, once recorded, there is no way to control who accesses it. Some of the companies that collect this information, organize it and serve it to third parties, known as data broker, used it to profile participants in the Black Lives Matters protests. Also that the US Department of Homeland Security and other agencies in that country used them to track phones without warrants, according to uncovered the Wall Street Journal. Or that data of this type taken from the gay dating application Grindr was sold, scandal uncovered by that same newspaper.
The differences in exposure between countries are notable, although no one is spared. In the US, the maximum is marked by a resident of Colorado, with 987 daily interventions in his activity on-line by the real-time advertising auction system, and the minimum, one from Columbia, with 486. In Europe, a British person is observed an average of 462 times a day, while a Portuguese, 210, and a Romanian, 149 .
“We don’t know what these differences are,” confesses Johnny Ryan, ICCL Information Rights Officer. However, it points out four possible explanatory factors: “how developed the RTB industry is in each country, how much time citizens spend connected, how much of the traffic happens on low-value websites, where users are more likely to be monitored, and how active national data protection authorities are.”
The attention auction
To make real-time advertising auctions possible, Google’s engine uses the information it has about specific user profiles every time they enter a new page. For example, a man between 40 and 50 years old interested in cars who comes from visiting a Formula 1 racing website and passes by a car dealer. Thus he can offer advertisers spaces in which their ads will be relevant to certain profiles. Advertisers place a bid right then and there; The one who pays the most will be the one who shows his ad on the user’s screen. The process is automated, everything happens in hundredths of a second.
And the secret of its success lies in the quantity and quality of data that is provided about each user, which takes into account historical factors, but also immediate ones (where they are, what they have just seen, what they have done in other similar situations). That layer of immediacy is achieved by collecting fresh information every time we browse a web or use an application. Also recording data on where the user is going, whether or not the GPS sensor is activated on their phone.
The ICCL organization denounces that this extraction of information is not legal under the umbrella of the General Data Protection Regulation (RGPD). How then is it possible for all this data to be extracted and commercialized? “We are litigating to stop this,” explains Ryan. It’s no coincidence that ICCL is so active on big tech privacy issues: Ireland is where many of them have their European tax headquarters. “One of the reasons we are in this situation is the failure of the Irish Data Protection Authority (IDPC) to respond to this security crisis more than 1,300 days after being notified of it,” says this expert. .
Exclusive content for subscribers
read without limits