Guest Post: Inside The Shadowy World Of Data Brokers And What Happens When You Click ‘Accept All’
We all have got used to the familiar privacy cookie questions, especially when browsing from the EU – and most of us predictably ignore the terms and conditions, and simply click Accept All and continue on with their lives, happily browsing through whatever the site is offering.
Have you ever wondered where your data goes after you have accepted the fine print (often without reading it)?
You may think that you are browsing in the privacy of your home or of your own device, but this is simply not the case, with literally hundreds of so-called “partner sites” having access to your browsing habits.
Personal information is collected and combined to form a detailed profile about your habits and preferences by shadowy entities called Data Brokers. Data Brokers have the creation and sale of your personal information as their main business. Effectively, every one of us and our browsing habits have become a commodity to be classified, packaged and sold in small pieces to the highest bidder.
Data brokers identify people using hundreds of collected data points that are categorized to create typical user profiles, like for example, “people who like current news and that go out to eat on weekends”, and even more specific profiles like “people who like to watch football, follow Lovin Malta and also use TikTok at night”.
Data brokers utilise information from a variety of sources, in a process called aggregation, and sell it for a wide variety of purposes, usually for advertising and marketing purposes, or to verify a person’s identity or detect fraud. Less honourable uses though often occur, such as to deliberately target people to influence their voting, spread false information, enable scams, hacking, and other so-called Black Market uses.
There are more than 5,000 data brokers worldwide, generating over €170 billion of revenue annually. When used legitimately, data broker services can be immensely useful and valuable, and can transform online businesses significantly for the better, with personalised content that makes best use of user’s limited time and short attention spans.
With the right knowledge, there are over 10 million datasets that are available for purchase, mostly on the open web but also on the dark web, where you need to use browsers like Tor and pay for data anonymously, generally using cryptocurrency. There are also thousands of data leaks that occur worldwide, some of which come from Data Brokers themselves. Information about thousands of Maltese users can be readily purchased online from the Dark Web.
Data brokers often blend data from publicly available sources using a process called scraping, which extracts relevant information from a website. In Malta, such information is available on a large percentage of the population.
For example, the Electoral Register of Malta contains information about all the eligible voting population of Malta, and although some measures have been taken to make it more difficult to scrape such information, it is relatively easy for Data Brokers to scrape it. Social media, news sites and apps help fill in the gaps to complete the picture on different users.
Virtually all of Malta’s news sites and other popular sites, including Lovin Malta, use a variety of advertising and tracking platforms. When users access such sites and apps, the device IP address and other characteristics, like the device type, are recorded along whatever site, page or post is being browsed.
Over time, this collected information generates an accurate digital fingerprint that uniquely identifies each and every user.
In a household or company that shares the same IP address, the process is slightly more complicated, but data brokers can use the unique mix of interests associated with different people to approximately attribute and identify each browsing request to the right person.
Almost all Maltese sites and apps, for example, use popular advertising services like Google, Facebook, Instagram, Twitter, LinkedIn and others. These services share and resell personal information with literally hundreds of partner sites – more than 200-300 partner sites on average for the leading Maltese news sites. Some services are also specialized on tracking users and their behaviour, including HotJar, an analytics company which originated in Malta.
Additionally, there are services like Taboola and Disqus that display related content and enable comments, while serving advertising and sponsored content. While many such services claim to not share any information with partners, the way the systems work may allow companies providing advertising to place further cookies on your browser or device.
Buying information from Data Brokers is rather easy. Pre-packaged marketing datasets can be bought in a matter of minutes, with higher-end customisation services taking a bit longer to setup and customize.
Enforcing contractual obligations, such as restrictions on the types of processing allowed or reselling the data, is practically almost impossible to do. Obviously, such obligations do not even exist for information obtained via the Dark Web. In practice, anyone with the right tools and a bit of coding knowledge can use data in rather sophisticated ways.
In the EU, GDPR has provided a legal framework for Europeans to have a legal basis for some kind of action to protect their privacy. Alarmingly, some Maltese news sites contain broad disclaimers like “Some personal data is processed without your consent, but you have the right to object”. The reality of the situation is that with hundreds of partners and an opaque networks of data brokers who may then resell the data onwards to other partners, it is practically impossible to object to any individual partner.
Artificial Intelligence may provide a solution to the increasing complexity of managing cookies and data privacy. Some Data Broker services can indeed be useful – for example, enabling a better browsing experience by filtering out content that is uninteresting and highlighting stuff that you like.
Automated privacy tools that allow trustworthy AI to monitor usage and reflect the user’s preferences will enable more intelligent browsing, for example, by accepting information sharing for items that users deem useful, while deliberately rejecting data broker partners that are unknown. Future AI powered tools can also deliberately misinform partners to conceal the identity of users and automatically switch to VPN browsing for certain sites to make users more difficult to track.
The multiple security and privacy issues that arise from Data Brokers may also increase with the popularity of the metaverse. The lack of human connection over a virtual avatar, which effectively conceals the human element and turns a remote experience into a seemingly personal one, can be a haven for scammers to exploit and manipulate people.
The useful and legitimate services of many Data Brokers ensure that they are here to stay as a permanent fixture of our online lives. Just remember that when simply accepting all – you are sharing your personal information with all data brokers, legitimate or not. For privacy measures like GDPR to be completely effective, users must have greater awareness of how their own data is collected and used – otherwise the “accept all” renders such legal protection meaningless if users do not fully understand the consequences of that choice.
Angelo Dalli is an AI Expert and tech entrepreneur based in Malta.
Lovin Malta is open to external contributions that are well written and thought-provoking. If you would like your commentary to be featured as a guest post, please write to [email protected], add Guest Post in the subject line and attach a profile photo for us to use near your byline. Contributions are subject to editing and do not necessarily represent Lovin Malta’s views.
Do you read the terms and conditions before clicking ‘Accept’?