James Ball* says that inside the world of digital advertising, your data can be traded across the world thousands of times in the time it takes to click.
Photo: Marvin Tolentino
On the surface of it, browsing the internet feels pretty simple: we click a link and visit a website and it shows us what we want to read, alongside a few adverts.
That might be what we see, but beneath the bonnet there is far more going on than we realise: every single click on the internet launches a huge international auction, as companies try to match up our personal data and make guesses about us, scattering our information across the world — all to serve us an advert.
What really happens each time we click?
Before you click
Online advertising is essentially capitalist match-making.
The advertiser wants to show its product to someone who might buy it, and the website owner delivering the advert wants to get as much money as possible for the click it’s just received.
That means that almost all online advertising is delivered through instantaneous auctions, taking place in milliseconds, to see who’s most willing to pay for a few seconds of your attention — this is known in the trade as “programmatic” advertising.
The brand decides the kind of person they would like to target, often based on a database of existing customers, a mailing list, or data they have bought.
They hand that over to a Data Management Platform, who might then get in touch with a data broker to, for example, match up the mailing list to suitable people.
That company in turn sends a segment of the data to what’s known as a Demand Side Platform (DSP) — the company in charge of finding the right places (and right price) to place adverts to find people similar to those the company wants to target.
The brand, and the companies working on its behalf, are now ready and waiting — they know who they’re looking for.
Now, they just need some possible candidates.
The click
This is where you come in.
You might have followed a link or just typed in a web address, but now you’ve arrived at a site your device has sent a message to its server asking it to deliver you the content you’ve asked for.
For any site showing programmatic adverts, this sets off a lengthy chain reaction.
The first thing the site does is the obvious one that’s visible to us: it starts sending you the editorial content you’ve asked for.
So far, so good.
What it also does is send a message saying, more or less, “give me some adverts please!” to a Supply Side Platform so it can get as much info as possible to go into the matchmaking lottery and get the best price possible.
That platform then sends a request for your computer to send it as much information as it can and as much information from cookies as it can, which can include details of your browsing history and much else.
Once it’s received whatever information your computer was willing to hand over, it bundles it up, and it’s ready for the main event: the auction for your attention.
The exchange
The Supply Side Platform passes on its bundle of information about who’s viewing the website to an ad exchange, which then shows it to tens, hundreds, or possibly even thousands of bidders: the DSPs.
This is the step that runs against our intuition: when we click the privacy pop-ups on each website we see, we roughly understand that the site we’re visiting sees some data about us, and whichever company shows us the advert sees some too.
But that’s not even the start of it: your data can be sent to dozens or hundreds of DSPs with each click.
All of this happens within the space of less than a second — but that’s enough time to send at least a little of our data spinning to thousands of different places.
Eventually, each DSP finds the brand on its books that is willing to advertise to someone like you for the best price and offers that up to the exchange.
The deal is done — though that’s not quite where the data-transfer ends, as the DSP can ask your computer to send it “sync” information, another little packet of your browsing data, as an afterthought to the transaction.
All of this is just one advert, on one page.
When you multiply that by multiple adverts on each page, and the dozens or hundreds of clicks we make each day, we send ourselves everywhere across the ether day by day.
What it all means
This is a simplified version of how one type of advert is served, and it’s still extremely complicated — and we have almost no insight into exactly what each company in the chain does with our data.
Can any of us really say when we click “accept” on a website that we understand what we’re accepting and what happens next?
There are a few steps we can take on our own.
We can lock down our browser privacy settings, stopping them storing cookies.
We can get a measure of protection by using ad-blockers.
The bigger picture, though, will only be changed by one of two things: either regulators will take action or consumers will sue.
The whole situation is summarised by data protection expert and privacy advocate Johnny Ryan.
“Every single time a person loads a page on a website that uses ‘programmatic’ advertising, information about what they are reading and the device they use is broadcast to a large number of adtech companies, who then do God knows what with it,” he explains.
“This broadcast of who you are and what you are reading happens constantly, on every page load, on virtually every single website.”
Last year felt like it was dominated by tales of data breach after data breach, by what certain groups have done with our data.
It seems as if, now we’ve started scratching the surface, this could just be the very beginning.
* James Ball is a journalist and author. He tweets at @jamesrbuk. His website is jamesrball.com.
This article first appeared at www.huffingtonpost.com.au.
