Every time we search the web, part of us is traded. Or more specifically, our personal data are traded. Most of us agree this is a fair trade because we get so much for free in return for allowing advertisers target us. We might still feel that we have control because we adjust privacy settings on Facebook or report ads on Google because it “knows too much.” But most of us don’t think about what’s going on behind the scenes with all this data. This is a problem because it means we don’t fully understand how the web-advertising infrastructure increases the risk of our data being leaked beyond where we intend. And anytime data leaks it can potentially end up with someone who intends to use it maliciously.
In the milliseconds it takes to load a website, ad exchanges send personal data about the person about to view it (you) to their partners—many hundreds of partners. They all decide (in milliseconds) whether you’re a good target for an ad and, if you are, what they are prepared to pay. There’s an (almost) instantaneous bidding process and—hey, presto—an ad appears on the page. This ecosystem is now so big that it’s not possible to be assured they all treat your data properly. Adding to the problem is that some ads contain code that allows another company to track you.
This video, by advertising-technology firm PageFair, shows how your data propagates—and potentially leaks—in the ad ecosystem.
In May 2018, the European Union General Data Protection Regulations come into force, regulating user permissions in this behind-the-scenes flow of personal data. The new regulations will mean that companies will have to give users a choice about how much they want to be tracked. They then have to make sure this happens all the way through the ecosystem or face significant fines (up to 4% of global revenue).
In Europe, at least, these “opt-in” terms will likely make internet users far more conscious of who really profits from the use of their personal data.