When you load a website with advertisements, you often spark a milliseconds-long auction among companies vying to buy the ad space and hawk their wares. This is called real-time bidding (RTB) – and a new report has exposed how this industry, worth billions of dollars, could be exposing your personal data hundreds of times a day.

The report was published by the Irish Council for Civil Liberties (ICCL), written and designed by "Google's biggest headache" Dr Johnny Ryan.

RTB relies on personal data – including info on your location, device, and browsing habits – to personalize ads, with the recording and sharing of data being referred to as an RTB broadcast. These ad auctions generated over $117 billion in 2021 in the US and Europe, the report claims – and other estimates expect the RTB market to grow a further $16.52 billion by 2026.

On average, per day, a person’s data is shared 747 times in the USA and 376 times in Europe, the ICCL report found. Combined, this comes to an average of 294 billion broadcasts per day in the US, 197 billion a day in Europe, and a staggering 178 trillion per year in the US and Europe combined, the report claims.

In the US, the hardest-hit residents were in Colorado, with an estimated 987 RTB broadcasts daily, whereas the District of Columbia came out the lightest at 486. UK residents were the most exposed in Europe at 462 broadcasts daily, whereas Romania had the least at 149.

However, the report explains that “We regard the figures presented for RTB broadcasts as a low estimate. The industry figures on which we rely do not include Facebook or Amazon RTB broadcasts.”

Google was identified by the report as the biggest RTB company, allowing 4,698 firms in the US and 1,058 in Europe to access RTB data. In a statement sent to TechCrunch, a Google spokesperson said that “We don’t share personally identifiable information and we also don’t show ads based on sensitive information, such as health, race, or religion. We require publishers to prove they have people’s consent before showing any personalised ads and have done for many years.”

The report comes after another scandal around the market for personal data, with Motherboard reporting that location data broker SafeGraph was selling data on those who visited Planned Parenthood. This data included harvested location data, showing where individuals came from and where they went after visiting Planned Parenthood. After Motherboard’s report, SafeGraph stopped selling this data, citing “potential federal changes in family planning access” (aka the leaked overturning of Roe V Wade) in a statement.