We’re in for some more shock - yet unsurprising - news about data breaches. The Brave team has released a new report and frankly, it’s a really poor statement on how the government officials are handling citzens’ data. The report reveals that there is widespread surveillance being conducted in the United Kingdom by private companies.
The Brave team studied data collection conducted by private companies and discovered that users on council websites related to addiction, disability and poverty had data on them collected - without prior permission. The total number of compromised accounts appears to be 6.9 million, all linked to data broker LiveRamp, which has sold data to the maligned Cambridge Analytica.
The specifics are what is really worrying, especially given the fact that we have learnt the extent to which private companies exploit sensitive data to further their own interests. It appears that almost every council website lets at least one company “learn about people’s behaviour”, and these websites have already been profiled by some websites.
In the Enfield London Borough Council alone, which serves over 330,000 people, 21 data collectors have been discovered. What is particularly shocking is that this is a government websites - and one would hope that the country’s official websites would do better to protect its citizens.
The worst incident in this data breach is RTB, or “Real-Time Bidding”. RTBs are essentially advertising auctions where companies bid for advertisement displays while the page loads. This is under investigation under GDPR. This data is simply broadcast to any number of companies. 198 councils permit this real-time bidding.
The data made available through RTBs is shocking, as it includes location, interest and what someone is watching or reading. Google is by far the biggest culprit of this system, serving 196 council websites.
Uk Lets Private Companies to Snoop on Disabled Children and Their Parents
But it gets worse.
These systems have been used to target disabled children and their parents. 21 companies have been collecting data on a GOVERNMENT website that apparently has 1 million unique visits per month - collecting data on people just reading about their child’s disability.
Data is being SOLD. They’re supposed to help people, and not have money made off of it. If this kind of deed involves such a lack of oversight by authorities, what can helpless citizens do?
How Google Takes the Most Out Of It
It should come as no surprise that the report states that Google owns all five of the top embedded elements on these websites. On top of this, it is also responsible for serving 196 websites with its RTB, all the while not knowing whose data goes where.
Google itself has been the subject of the Brave team’s examination, as last year Brave Chief Policy and Industry Relations Officer Johnny Ryan pointed out to the Irish Data Protection Commission, Google's lead regulator in Europe, how vulnerable personal data is. The findings claimed that Google had circumvented GDPR regulations.
How Can You Protect Yourself?
It’s as simple as that.
In an age where we have become increasingly dependent on the internet and online services, the protection of our data is more important than ever.
Besides the fact that sensitive information that is stored and collected, this act also gives monopolies additional power, allowing them to further cement their position as a market leader. Accountability must be a priority for such practices, an idea that has only slowly come to the fore. Still, despite this realization, not enough has been done.
However, users can themselves ensure the safety of their personal information by using a browser like Brave, which prevents any form of surveillance from being conducted, and actively encourages users to build a better digital advertising ecosystem through its cryptocurrency and various features like optional advertisements. Users can choose to view ads and actually pay for their viewing attention (hence the name). No data whatsoever is collected.
With Brave, the user is in full control of their privacy and data. We need more of this in all our tech systems.