Even though Google claims to not sell users’ personal information, it still facilitates data sales and benefits from them, the Electronic Frontier Foundation reports.
The tech giant controls over 60 percent of browsers, runs code on about 85 percent of sites on the internet, and is inside about 94 percent of apps. In short, it’s everywhere, collecting data on users’ searches. Even though it collects such data, Google claims to not sell it; instead, it makes its money through real-time bidding.
This process occurs when publishers “auction off ad space” via their apps and websites, the Electronic Frontier Foundation reports. Here, users’ sensitive data is shared with numerous other adtech companies. The data then moves through other layers, including: supply-side platforms, which collect users’ data to sell; ad exchanges, which organize auctions between them and advertisers; and demand-side platforms, which “bid” on behalf of advertisers and decide which ads to show.
Google has some form on control at all levels of real-time bidding, which brings in money for the tech giant. For example, through a user’s browser, Google and can share data with an advertiser through “cookie matching,” enabling third-party companies to connect their own cookies to Google’s. From here, advertisers end up sending Google money as it sends that data into the ecosystem, the Electronic Frontier Foundation says.
This exchange, among other branches of real-time bidding, bypasses obtaining users’ consent to access their data. “It is at the center of everything that’s wrong with privacy in tech.”
The Electronic Frontiers Foundation says that one of the only ways customers can better protect their data and make it more challenging for Google to rake in money is for stronger consumer data privacy laws. For example, it points to the California Consumer Privacy Act (CCPA), which went into effect at the start of 2020, and enables users to opt out of having their data collected and sold. Business that don’t follow the law can be fined, among other penalties.
However, the foundation states that privacy laws, especially those similar to the CCPA, need to be more stringent; people’s right to privacy should be a priority, instead of something off of which to make a profit. “On its own, the CCPA is not enough to fix the problems with tech’s use of personal data, but it is a good first step down the road to privacy reform… [it] underscores the need for a more comprehensive law that treats privacy as a default, not an option.”