The Irish Council for Civil Liberties (ICCL) is pointing its finger at Google for spying on users, French IT news website Le Monde Informatique reports. A real-time bidding (RTB) system which is actively used by the company enables it to follow and share what everyone is looking at or doing online and note down this activity’s location. RTB is the technology underpinning all online advertising and it relies on sharing of personal information without user consent, according to the ICCL.

Google’s troubles are far from over. Widely singled out for its actions in terms of the use of personal data, the company is now in the spotlight for its tracking and advertising targeting activity. A report (PDF) published by the ICCL on 16 May accuses the search giant of an unprecedented data breach. The report sheds light on the RTB system, which works in the background on websites and in applications. “It tracks what you are looking at, no matter how private or sensitive, and it records where you go. Every day it broadcasts this data about you to a host of companies continuously, enabling them to profile you,” the report states.

The ICCL report claims it presents the scale of this data breach for the first time.

This data breach takes place throughout the world. The RTB system “tracks and shares what users are viewing online with their location in real time 294 bn. times in the USA and 197 bn. times in Europe each day”, it states. On average a person in the USA has their online activity and location tracked 747 times a day by those using RTB. In Europe, RTB exposes personal data 376 times a day. In Germany alone, Google sends 19.6 million broadcasts about German Internet users’ online behaviour every minute that they are online. “Europeans and U.S. Internet users’ private data is sent to firms across the globe, including to Russia and China, without any means of controlling what is then done with the data”. It is a high-earning business generating more than $117 bn. in the USA and Europe in 2021.

Advertising is an indispensable condition of this system as the majority of advertising on websites and in applications is placed there using RTB. Advertisers spend $100 bn. annually in the USA and Europe. The RTB market’s estimated value was $91 bn. in the USA in 2021 and €23 bn. in Europe in 2019. It therefore highlights that Americans’ online activity and their locations is exposed 57% more frequently than that of users in Europe.

Google is one of the five largest users of this real-time bidding system. No fewer than 4,698 US companies are authorised by Google to receive RTB data on people, whilst in Europe the number drops to 1,058 companies. More specifically, the data collected by Google, like what people are looking at online or doing with an application and their ‘hyperlocal‘ geographical location is broadcast 42 bn. times per day in Europe and 31 bn. times daily in the USA.

The ICCL is working to end the RTB data breach in Europe and has litigation ongoing in three European courts, as follows:

• at the Landgericht in Hamburg against the tracking industry standards body IAB TechLab and against Microsoft’s online advertising exchange Xandr (https://www.iccl.ie/rtb-june-2021/);
• at the Irish High Court against the Data Protection Commission, for its failure to investigate the ICCL’s complaint about Google’s RTB data breach (https://www.iccl.ie/news/iccl-sues-dpc-over-failure-to-act-on-massive-google-data-breach/); and
• in the Brussels Market Court, the ICCL is a party against IAB Europe’s appeal of an order by the Belgian Data Protection Authority, and 27 other EU data protection authorities, against IAB Europe’s “TCF” consent spam system. (https://www.iccl.ie/news/gdpr-enforcer-rules-that-iab-europes-consent-popups-are-unlawful/).