Personalized advertising offers relevance. And algorithms that help target specific products and services towards interested consumers can be beneficial. However, collecting massive amounts of consumer data is highly problematic. Some digital advertising methods use large-scale data collection, profiling, and data sharing in order to micro target ads based on behavioral habits and search history. Unfortunately, these practices are all aspects of surveillance advertising models.

The New Economic Foundation’s report, I-Spy, The Billion Dollar Business of Surveillance Advertising, explores concerns around surveillance advertising – targeted advertising using personal data provided by websites and platforms. In particular, the report examines issues around the collection and use of children’s personal information.

From data collection to buying and sharing data, surveillance advertising is questionable in terms of its legality. Data protection regulations like General Data Protection Regulation (GDPR) and California Privacy Rights Act (CPRA) are in place to protect consumers. However, it is clear from this report that market needs a thorough compliance review.

Mechanics of surveillance advertising

Real-time bidding (RTM) with algorithms and automation accelerated the usage and growth of data-intensive advertising. In fact, targeted advertising serves as the business model for two of the largest internet platforms, Facebook and Google. While many consumers are aware that they are being tracked, they are often not aware of the extent of that tracking.

The process of surveillance advertising:

1. When we click on a webpage, a site identifies the number of advertising slots for sale and begins a bid request.
2. To compile this bid request, the site assembles as much information about the user as possible. A standard bid request usually contains:
   
   – A user ID set by the supply-side platforms (SSPs)
   – Full referral URL, the link to the site where the ad is supposed to appear
   – Birth date
   – Gender
   – Location
   – IP address
   – Interests or segments previously assigned to the user
   – Other information collected directly, from a data broker, or inferred
3. The information contained in the bid request is then used by demand-side platforms (DSPs), working for advertisers, to decide whether, and how much, to bid in an auction for the right to show the advertisement to the targeted audience.
4. The winning bidder gets to place the ad on the page and to keep a copy of the data in the bid request.

The New Economics Foundation estimates that bid requests on U.K. users containing personal information are sent out at a rate of approximately 10 billion a day. This translates to approximately 164 bid requests per person per day across all the ad exchanges. This information is seen by a multitude of ad tech companies. In fact, vast amounts of personal data are broadcasted across the digital advertising ecosystem.

Advocating for children

Children are protection under the Data Protection Act (DPA) in the U.K. and under Children’s Online Privacy Protection Act (COPPA) in the U.S. The two laws require parental consent prior to any data collection, usage, or disclosure of the personal information for children under the age of 13. Unfortunately, the more children spend time online, the that more digital platforms and ad tech platforms companies target them to gather data. The data collection process also employs algorithms to keep children online longer. This leads to an endless loop of data collection and advertising.

Recommendations

The New Economic Foundation recommends policymakers address surveillance advertising as follows:

• Ensure platforms do not serve surveillance-based advertisements to children. And if data is collected, the child will be compensated, and their data will be deleted.
• Platforms tracking and collecting data have a legal responsibility to handle all in a fiduciary manner.
• Eventually prohibit the practice of surveillance advertising.

Critical context

Extensive online tracking systems coupled with the use of online auction systems shifts the advertising paradigm from contextual to behavioral. Many marketers today prioritize targeting over ad environments that are safe for consumers and advertisers. . Unfortunately, data is now the holy grail, which allows fake news, clickbait, and user-generated content to easily be monetized.

Importantly, GDPR and CCPA legislation are critical steps to reset business strategies and their reliant on extensive third-party consumer data collection. However, enforcement has been uneven at best. And when it comes to kids, it is clear that much more needs to be done to curb these unethical, even illegal, practices.