One would think that with the General Data Protection Regulation (GDPR) and Protection of Personal Information (POPI) acts in place that your data is now safe, but a study found that it is far from the truth.

I read an article online from BBC in which they state that the average European data is shared up to 376 times a day. This is alarming considering that GDPR is in place for the European consumer. The study shows that the average US based users’ data is shared 747 times per day.

The data is shared by the brokers which sell the advertising space to advertisers as the site loads in real time. The advertising brands are not involved in the share it is the real time brokers.

The data being collected and shared are the device type, location, previous sites visited and the subject matter. This takes place in a matter of seconds and the space is sold to the advertiser, making it a multi-million-dollar industry.

The industry might argue that the data collected and shared is not personal identifying, the complainers of Privacy online argue that the volume and type of data is still private.

Some of the data collected include Location of the device, Previous sites visited, Subject matter searched, type of device used.

This data is used every day by the real time bidding companies to sell the advertising slot on the site, this happens without consent and in seconds regardless of how private or sensitive, they record where you go and what you visit. The Digital Rights campaigners, like the Irish Council of Civil Liberties state that this is the biggest breach of privacy ever recorded.

The data gathered is not available public but freely available to industry. The initial data was gathered from Google Feed and excluded the other major players namely Meta and Amazon.

The data gathered showed that and average US-Based web users’ habits are shared in advert sales processes a 107 trillion times per year and the average Europeans data is shared 71 billion times a year.

The researchers concluded that should the data breach be explained that should the data be seen in the same light as pollution we would be surrounded by an almost impenetrable haze that gets thicker the more, we browse of use the internet.

The ICCL has launched a lawsuit in which it is suing the IAB (Interactive Advertising Bureau) for the privacy data breach. They state that even if the data shared does not contain the users name the data shared is considered private. They state the users has not consented to the gathering of the data nor its sharing.

There is a debate ongoing that states the volume of data gathered about people to target the adds, is what makes most of the services free to use on the internet. But the ICCL states that the people do not know the amount of data gathered about them nor with whom it is shared. The ICCL stated that the bid systems can tell if they have seen the persons profile before to allow the advertisers to decide if they will bid for the spot or not.

They concluded that the data shared contains the users location, device, previous sites visited, subject matter searched, users’ sexuality, religion, if the device belongs to a person with debt, income level and many more. The data is available in code that the industry refers to as audience Taxonomy. The tables can be found here: and it shows that information gathered is much more detailed and possibly not something the users would want to share.

Companies Like apple has taken the privacy initiative and started cracking down on Ad-tracking enforcing an op-int option for all apps on apple devises and many of apples users has not taken the opt-in option.

The same case has been raised and is being investigated by multiple European countries, in which some of the investigations has been going for more than three years.

The ICCL is striving for the law to sweep the industry so that you can still bid on the request but without any private data changing hands.

In a nutshell browsing in private mode, does not quite ensure that your data is not gathered and shared on the internet for commercial gain.

By Frans Herle



Based in Windhoek, Namibia, Salt Essential IT is one of Africa’s most awarded Microsoft Direct Cloud Solution providers, enabling and supporting clients ranging from small and medium to enterprise.
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram