Real-Time Bidding: Technology or Data Breach?

Real-Time Bidding: Technology or Data Breach?

May 20, 2022 | Data & Cybersecurity, Privacy

Real-Time Bidding

What is Real-Time Bidding (RTB)?

Real-Time Bidding (RTB) is a technology operating behind the scenes on all websites and apps, tracking everything you look at, no matter how private or sensitive. And, RTB records where you go. Every day, RTB shares data about you with a host of companies continuously, enabling them to profile you.

Companies including Google, Yahoo, and Microsoft let advertisers buy ads in the split seconds between when you enter a site’s web address and the moment the page appears. RTB technology allows advertisers to examine site visitors and bid to serve them ads instantly.

New York Times offers this description of Real-Time Bidding: “…say a man just searched for golf clubs on eBay (which has been testing a system from a company called AppNexus for more than a year). eBay can essentially follow that person’s activities in real-time, deciding when and where to show him near-personalized ads for golf clubs on the Web.”

What is the Biggest Data Breach?

Recently, the Irish Council For Civil Liberties (ICCL) released a report titled “The Biggest Data Breach,” calling the scale of Real-Time Bidding (RTB) data broadcasts in the U.S. and Europe a data breach. (Whether or not you think RTB should be called a data breach, looking at the data in the report is fascinating.)

The ICCL is a membership organization that seeks to “speak truth to power, even when it is unpopular or difficult. We work to ensure that everyone in Ireland can enjoy all of their rights, all of the time.”

Key Insights on RTB

ICCL’s report uses these key findings to describe RTB as a data breach:

  • On average, a person in the U.S. has their online activity and location exposed 747 times every day by the RTB industry.
  • In Europe, RTB exposes people’s data 376 times a day.
  • Europeans and U.S. Internet users’ private data is sent to firms across the globe, including Russia and China, without any means of controlling what is then done with the data.
  • The RTB industry generated $117+ billion in the U.S. & Europe in 2021.

Other key findings include:

  • U.S. Internet users’ online behavior and locations are tracked and shared 107 trillion times a year.2 Europeans’ data is exposed 71 trillion times a year.
  • RTB firms broadcast RTB data widely. For example, Microsoft “Xandr” says it may send data to 1,647 other companies.

What are the Dangers of RTB?

The ICLL argues that RTB is dangerous to consumers because there is no way to restrict the use of RTB data after it is broadcast. Data brokers have used RTB to profile Black Lives Matter protestors. Additionally, RTB technology was used to out a gay Catholic priest through his use of Grindr.

The private sector uses it, the government uses it. US Department of Homeland Security and other agencies use RTB for warrantless phone tracking.

What Can You Do?

Ron Bradley, VP of Shared Assessments shares that NOTHING most of us do on the Internet is anonymous. But there are safeguards we can put in place to protect ourselves.

At a recent conference, Bradley was looking over the shoulder of a colleague, and within two seconds Bradley easily determined that his colleague has children and pets based solely on the ads popping up on his screen. Those convenient links to social media platforms embedded into web pages make the job of privacy pirates just that much easier.

You are a commodity. Your data has already been compromised and will always be for sale to the highest bidder. If that makes you uncomfortable, then take these simple measures to protect yourself online:

1. Install battle-tested privacy plugins.

2. Tighten the security and privacy settings on your browsers to the point it becomes annoying, then back them off if necessary.

3. Use Incognito or Private windows when connecting to sensitive sites.

4. Make use of a VPN to hide your IP address.

5. Use password managers, and never reuse passwords on sites such as healthcare and banking.

6. These suggestions are just a few of the overall layers of the security onion everyone should be conscientious of in today’s computing environment. You don’t have to eat the entire elephant today. But start small and begin with an ad blocker. Don’t put it off. Your privacy depends on it.


“Is Real-Time Bidding (RTB) Really A Data Breach?” could be a good debate topic over drinks with other risk and cybersecurity professionals…

Meanwhile, we can all agree with Tom Garrubba, VP of Shared Assessments: it is time for data protection agencies, information commissioners, and related government agencies the world over, to review existing practices with Big Tech and see how they can better tame this part of the “wild west.”

Sabine Zimmer

Sabine is Vice President of Marketing and Sales for Shared Assessments. Sabine enjoys collaborating across teams to build a stronger risk management community. When she's not at work, she is outdoors in the Southwest with her family.

Ron Bradley

Ron Bradley has been involved with Shared Assessments in some capacity for over 15 years. Notably, Bradley wrote some of the very first questions for the Standardized Information Gathering (SIG) Questionnaire. In this course of time, his hair has transitioned from an afro to his current distinguished style.

With a depth of experience building TPRM programs in financial services (Bank of America) and manufacturing (Reynolds, Trane Technologies), Ron understands how cultures and organizations drive the supply chain and third party process. As Vice President, Ron strives to use his extensive knowledge of Third Party Risk Management to help organizations build programs that realize the full potential of the Shared Assessments toolkit.

Ron’s experience in Europe, Asia and South America has allowed him to assess different vendor environments and to build Third Party Risk Management operations from the ground up across the world. Ron is an expert in risk in the manufacturing environment, Operational Technology, and Operational IoT.

Ron lives in Charlotte, North Carolina, and takes frequent trips to Scottsdale, Arizona. He loves golf, travel, and his Big Green Egg, which brings the people around Ron excessive quantities of love, joy, and happiness. Ron’s 24-year-old daughter and his famed sister Kathleen Bradley (first black game hostess!) bring him great delight.

Connect with Ron on LinkedIn or by email.

Tom Garrubba

Tom Garrubba, Vice President, Shared Assessments, is a subject matter expert, consultant, lecturer and author with 20 years of experience in IT risk, security, privacy, audit, and risk. Tom is a beloved instructor of the Certified Third Party Risk Professional (CTPRP) program. Tom is on the Forbes Technology Council and outside of work, Tom is involved with the Civil Air Patrol Squadron 603 and enjoys coaching (softball, baseball) and making music with his kids!

Sign up for our Newsletter

Learn about upcoming events, special offers from our partners and more.

Sub Topics