it's so crazy how internet has brainwashed us into thinking that the secret to perfect skin is buying a fuckton of expensive makeup products and a 15 step makeup routine and not like. eating healthy food drinking water exercising

My Best Advice For Seniors

Summer is finally here and for many of my fellow high school seniors, we’re starting a new chapter of our lives at university this fall. I recently had the opportunity to take a university class in grade 12 and I’ll be honest, it was a wakeup call. Even though it was only one class, I learned a lot about university life and I am definitely more prepared for this fall. Obviously, this was a one in a million opportunity that not everyone will have, so I figured I’d share all the information I got out of the experience. (DISCLAIMER: I took a first year political science course so this information may not be relevant to certain subject areas)

 1. FORGET YOUR AESTHETIC DURING CLASS

Your prof gonna talk for 50 mostly uninterrupted minutes about a subject that they LOVE to talk about if you get a good one. You’re gonna be taking notes on rapid fire and you have no time to think about your colour code when your prof is bouncing from topic to topic. HOWEVER, your prof WILL make it obvious what’s important. I can’t really say how because it differs from prof to prof and is not as obvious as a high school teacher, but you will definitely know when it happens. When that would happen in my class, I would either underline it with the pencil I was writing with or with the yellow highlighter I found on the floor my first day.

What I used for note taking during my lectures literally cost a total of three dollars MAYBE for all of it. I used a composition notebook from the dollar bin at walmart, a found highlighter and a staedtler fineliner (which was actually the most expensive part of the whole ordeal) 

One last thing: depending on your prof you may or may not have a powerpoint to follow. The prof I had refused to use powerpoint because it did not fit with her teaching style, but she would write an outline of the lecture on the whiteboard at the beginning of each lecture so we had an idea of what was going on. Like I said, it depends heavily on the prof.

2. THE READINGS WILL BE DAMN NEAR IMPOSSIBLE TO DO

so don’t do all of them. I’m not saying to blow them off entirely but I am saying that not doing every single reading will give you an F. For me, it was very high school in the way that my prof would discuss the content with us after the reading was supposed to be done. Additionally, make sure to read your readings sheet carefully because often times my prof would only want us to read certain chapters or sections of chapters. This saves a lot of stress and work so please make sure you read your readings sheet carefully.

Going with that, sparknotes can save your life. For me, when we had to read all these early political philosophers, I just did not understand anything I read so going to sparknotes would just clarify any questions I had.

3. FOR THE LOVE OF GOD, PLEASE REVIEW YOUR NOTES AFTER THE LECTURE 

Literally just review them whenever you have down time that day. Even if you just glance at them while you’re eating lunch or before going to bed, its better than nothing. This is just so you can have them in your head and think about them so if you have questions you can write them down and ask one of the people in your class if they understood it. At this time you can also highlight some new vocabulary words or important topics and write some extra notes in the margins. My friend and I used to do this when we got back to school and it literally look 15 minutes. Our grades totally benefitted too like we both ended up with As in the course as high school students which is never the expectation going in.

4. YOU WILL PROBABLY NOT MAKE FRIENDS IN LECTURES

I swear to god I only talked to 4 people in that entire semester I was taking the class. Two of them were friends from my high school that graduated, one was my friend who also got to take a uni course ass a grade 12 and one was some guy who asked what day it was when we were taking our midterm. This probably sounds really discouraging, especially if you’ll be commuting to uni from home, but I found it was a really good way to not be distracted in a room of 200 people. It was also comforting to know that no one cared how bad you looked cuz you’ll probably never see them again.

If you’re still worried that you won’t make any friends because maybe you live off campus or something, don’t be! I ended up making a lot of friends outside of my lectures. No matter if you live on or off campus, you can study in the library or any other designated study space. Surprisingly, there are quiet study spaces and there are not so quiet study spaces and in the not so quiet spaces, people will probably talk to you unless you clearly don’t want to be talked to (wearing headphones, head buried in work, etc). This is actually an awesome way to spend time between classes if you commute or if your dorm is across campus from your next class. Just be reminded that the lecture hall is gonna be dead silent and that is like the ONLY place on campus where you probably won’t make a friend.  

5. YOUR HIGH SCHOOL TEACHERS LIED

How many times did you hear “college will be a lot harder than this!” or “your prof will NEVER let you hand work in late” or “your prof WILL NOT let you go on your phone!” or any other garbage like that? Yeah probably a lot if your high school teachers were anything like mine. The truth is that most of it depends on your prof. Profs are a lot less... standardized(?) than high school teachers. What I mean by that is that profs can pretty much do whatever they want within reason so if they wanna ban all laptops and smartphones in their class they totally can but that goes both ways and they low key don’t care, especially in first year classes with 200+ students. They don’t even know your name, let alone if you’re playing on your phone. Most of the time they won’t even care if your essay is late if you go in at office hours and explain yourself. You’ll probably get a percentage taken off but the notion that they won’t accept late work is dumb. That being said, there were assignments in my course where you could not hand in the paper unless you attended the tutorial, but even so, if you couldn’t make it for whatever reason (my reason was that I was seeing Green Day 8 hours away so literally any reason) you could talk to the prof about it and she’d arrange for you to attend a different tutorial.

I personally found that my prof was a lot less high strung than my teachers at high school. When I would talk to my prof she was always super chill and she basically just wanted to talk about politics. The only time she wasn’t chill was when she respectfully called out some dude bros aggressively talking about football in the back row.

My weird point here is that teachers make REALLY general statements about college based for the purpose of motivating students to actually do anything during class time.  

Anyway, this has been my super long post of advice. I hope it helps in some way and if you have any questions about university, I will do my very best to help you!! This is just the stuff that I wish I knew when I started off my adventure into part-time post-secondary education!

Google and IAB ad category lists show “massive leakage of highly intimate data”, GDPR complaint claims

Male impotence, substance abuse, right-wing politics, left-wing politics, sexually transmitted diseases, cancer, mental health.

Those are just a few of the advertising labels that Google’s adtech infrastructure routinely sticks to Internet users as it watches and tracks what they do online in order to target them with behavioral ads.

Intimate and highly sensitive inferences such as these are then systematically broadcast and shared with what can be thousands of third party companies, via the real-time ad auction broadcast process which powers the modern programmatic online advertising system. So essentially you’re looking at the rear-end reality of how creepy ads work.

This practice is already the target of a legal complaint in Europe, filed under the bloc’s General Data Protection Regulation (GDPR).

The real-time bidding (RTB) complaint, which was lodged last fall by Dr Johnny Ryan of private browser Brave; Jim Killock, previously director of the Open Rights Group; and Michael Veale, a data and policy researcher at University College London, alleges “wide-scale and systemic breaches of the data protection regime by Google and others” in the behavioral advertising industry.

It argues the personalized ad industry has “spawned a mass data broadcast mechanism” which gathers “a wide range of information on individuals going well beyond the information required to provide the relevant adverts”; and also that it “provides that information to a host of third parties for a range of uses that go well beyond the purposes which a data subject can understand, or consent or object to”.

“There is no legal justification for such pervasive and invasive profiling and processing of personal data for profit,” the complaint asserts.

The individuals filing the complaints have now submitted additional evidence showing lists of ad categories used by Google and online ad industry association, the Internet Advertising Bureau (IAB), that they say show sensitive inferences are systematically made.

The documents, reviewed by TechCrunch, are supplementary evidence for the two original complaints filed with the UK’s ICO and the Irish DPC last year.

The complaint action has also now been joined by Polish anti-surveillance NGO, the Panoptykon Foundation — which has notified its local DPA of what it describes as “massive GDPR infringement”.

“Ad auction systems are obscure by design,” said Katarzyna Szymielewicz, president of the NGO in a statement. “Lack of transparency makes it impossible for users to exercise their rights under GDPR. There is no way to verify, correct or delete marketing categories that have been assigned to us, even though we are talking about our personal data. IAB and Google have to redesign their systems to fix this failure.”

Ravi Naik, partner at ITN Solicitors, who is working with the complainants, also added in a statement: “Panoptykon’s submissions add to the increasing focus on real time bidding. The complaint builds on our work before the UK ICO and Irish DPC. We foresee a cascade of complaints to follow across Europe, and fully expect an EU-wide regulatory response”.

The three content taxonomy documents that have been submitted as evidence include one used by Google and two compiled by the IAB to provide publishers with lists of ad categories.

The pair make the lists available online for publishers to download, though there’s no suggestion general Internet users are encouraged to take a look at how their online activity is sliced and diced into ad categories in order that their attention can be sold off to the highest bidder.

And while plenty of the ad categories look harmless enough — hatchback cars, pets, poetry, and so on — others, such as the ones we’ve flagged above, can be highly intimate and/or sensitive.

In Europe such sensitive data categories constitute what’s considered special category personal data — which refers to the most sensitive types of personal data, including medical information; political affiliation; religious or philosophical views; sexuality; and information revealing racial or ethnic origin.

Multiple types of this special category data appear to be included in the content taxonomy lists we’ve reviewed.

Under GDPR, processing special category data generally requires explicit consent from users — with only very narrow exceptions, such as for protecting the vital interests of the data subjects (and, well, trying to sell Viagra isn’t going to qualify).

The original complaints argue that Internet users are unlikely to be aware such labels are being routinely stuck on them, let alone how widely their personal data is being shared with third parties participating in programatic ad auctions that rely on scale as a core function.

The RTB process does not offer Internet users an opportunity to consent to each and every personal data transaction. If it did, web browsers would be swamped with creepy requests to process intimate information about them from scores of unfamiliar companies. And there’s no reason to think people would be okay with that.

“The speed at which RTB occurs means that such special category data may be disseminated without any consent or control over the dissemination of that data. Given that such data is likely to be disseminated to numerous organisations who would look to amalgamate such data with other data, extremely intricate profiles of individuals can be produced without the data subject’s knowledge, let alone consent,” the group write in their original complaint filing.

“The industry facilitates this practice and does not put adequate safeguards in place to ensure the integrity of that personal (and special category) data. Further, individuals are unlikely to know that their personal data has been so disseminated and broadcast unless they are somehow able to make effective subject access requests to a vast array of companies. It is not clear whether those organisations have a record of compliance with such requests. Without action by regulators, it is impossible to ensure industry-wide compliance with data protection regulations.”

They cite a New Economics Foundation’s estimate which suggests ad auction companies broadcast intimate profiles about an average UK internet user 164 times per day, adding: “Tracking IDs and other personally specific information are not actually necessary for ad targeting but allow you to be reidentified and profiled every day.”

Here’s a few more highly sensitive labels that are being attached to web users’ identities and shared with potentially thousands of bidding ad companies — in this case the labels are ones which the IAB uses: Special needs kids, endocrine and metabolic diseases, birth control, infertility, diabetes, Islam, Judaism, disabled sports, bankruptcy.

These categories come from v2 of the IAB’s content taxonomy.

The group has also submitted v1 of the IAB’s taxonomy as evidence, and this list includes other disturbingly intimate categories — including a category for ‘incest/abuse support’.

The IAB claims to have depreciated the v1 list but the complainants say it’s still being used in the IAB’s latest ad auctioning system.

We’ve reached out to the IAB Europe for comment.

Filing this new evidence, the complainants argue it underlines “the unreasonable degree of intimacy of the personal data broadcast in ad auctions”.

“The evidence we file today illustrates that the IAB and Google ad auction system can broadcast remarkably intimate details about what you watch, listen to, and read online. ‘Special category’ personal data like this enjoys special protections in the GDPR. I believe this raises the stakes of our complaint,” Brave’s Ryan told TechCrunch.

“Actors in this ecosystem are keen for the public to think they are dealing in anonymous, or at the very least non-sensitive data, but this simply isn’t the case. Hugely detailed and invasive profiles are routinely and casually built and traded as part of today’s real-time bidding system, and this practice is treated though it’s a simple fact of life online. It isn’t: and it both needs to and can stop,” added Veale in a statement.

The original IAB lists can be downloaded as a spreadsheet here (see tab 2 for the v1 list; and tab 1 for v2). While PDF versions of the IAB lists with special category and sensitive data highlighted by the complainants can be viewed here (v1) and here (v2).

Google’s original document can be downloaded here from developers.Google.com. (A marked up version highlighting the special category data is also available from Brave here.)

We’ve also reached out to Google for comment on the latest development in the complaint.

After being sent the category lists for review, an ICO spokesperson told us: “The ICO and our partner authorities on the European Data Protection Board are already engaged on various issues relating to Google and we are engaging with the industry more widely. We are considering the concerns that have been raised with us.”

The agency has made online behavioral advertising a key priority, noting in its Technology Strategy that it’s probing web and cross device tracking, citing examples such as device fingerprinting, browser fingerprinting and canvas fingerprinting.

“This is likely to continue as more devices connect to the internet (IoT, vehicles etc) and as individuals use more devices for their online activities,” it writes in the strategy document. “These new online tracking capabilities are becoming more common and pose much greater risks in terms of systematic monitoring and tracking of individuals, including online behavioural advertising. The intrusive nature of the technologies in combination drives the case for this to be a priority area.”

from RSSMix.com Mix ID 8204425 https://tcrn.ch/2UhwhTC via IFTTT

Google and IAB ad category lists show “massive leakage of highly intimate data”, GDPR complaint claims

Male impotence, substance abuse, right-wing politics, left-wing politics, sexually transmitted diseases, cancer, mental health.

Those are just a few of the advertising labels that Google’s adtech infrastructure routinely sticks to Internet users as it watches and tracks what they do online in order to target them with behavioral ads.

Intimate and highly sensitive inferences such as these are then systematically broadcast and shared with what can be thousands of third party companies, via the real-time ad auction broadcast process which powers the modern programmatic online advertising system. So essentially you’re looking at the rear-end reality of how creepy ads work.

This practice is already the target of a legal complaint in Europe, filed under the bloc’s General Data Protection Regulation (GDPR).

The real-time bidding (RTB) complaint, which was lodged last fall by Dr Johnny Ryan of private browser Brave; Jim Killock, previously director of the Open Rights Group; and Michael Veale, a data and policy researcher at University College London, alleges “wide-scale and systemic breaches of the data protection regime by Google and others” in the behavioral advertising industry.

It argues the personalized ad industry has “spawned a mass data broadcast mechanism” which gathers “a wide range of information on individuals going well beyond the information required to provide the relevant adverts”; and also that it “provides that information to a host of third parties for a range of uses that go well beyond the purposes which a data subject can understand, or consent or object to”.

“There is no legal justification for such pervasive and invasive profiling and processing of personal data for profit,” the complaint asserts.

The individuals filing the complaints have now submitted additional evidence showing lists of ad categories used by Google and online ad industry association, the Internet Advertising Bureau (IAB), that they say show sensitive inferences are systematically made.

The documents, reviewed by TechCrunch, are supplementary evidence for the two original complaints filed with the UK’s ICO and the Irish DPC last year.

The complaint action has also now been joined by Polish anti-surveillance NGO, the Panoptykon Foundation — which has notifies its local DPA of what it describes as “massive GDPR infringement”.

“Ad auction systems are obscure by design,” said Katarzyna Szymielewicz, president of the NGO in a statement. “Lack of transparency makes it impossible for users to exercise their rights under GDPR. There is no way to verify, correct or delete marketing categories that have been assigned to us, even though we are talking about our personal data. IAB and Google have to redesign their systems to fix this failure.”

Ravi Naik, partner at ITN Solicitors, who is working with the complainants, also added in a statement: “Panoptykon’s submissions add to the increasing focus on real time bidding. The complaint builds on our work before the UK ICO and Irish DPC. We foresee a cascade of complaints to follow across Europe, and fully expect an EU-wide regulatory response”.

The three content taxonomy documents that have been submitted as evidence include one used by Google and two compiled by the IAB to provide publishers with lists of ad categories.

The pair make the lists available online for publishers to download, though there’s no suggestion general Internet users are encouraged to take a look at how their online activity is sliced and diced into ad categories in order that their attention can be sold off to the highest bidder.

And while plenty of the ad categories look harmless enough — hatchback cars, pets, poetry, and so on — others, such as the ones we’ve flagged above, can be highly intimate and/or sensitive.

In Europe such sensitive data categories constitute what’s considered special category personal data — which refers to the most sensitive types of personal data, including medical information, political affiliation, religious or philosophical views, sexuality and information revealing racial or ethnic origin.

Multiple types of this special category data appear to be included in the content taxonomy lists we’ve reviewed.

Under GDPR, processing special category data generally requires explicit consent from users — with only very narrow exceptions, such as for protecting the vital interests of the data subjects (and, well, trying to sell Viagra isn’t going to qualify).

The original complaints argue that Internet users are unlikely to be aware such labels are being routinely stuck on them, let alone how widely their personal data is being shared with third parties participating in programatic ad auctions that rely on scale for the system to function.

The RTB process does not offer Internet users an opportunity to consent to each and every personal data transaction. If it did, web browsers would be swamped with creepy requests to process intimate information about them from scores of unfamiliar companies. And there’s no reason to think people would be okay with that.

“The speed at which RTB occurs means that such special category data may be disseminated without any consent or control over the dissemination of that data. Given that such data is likely to be disseminated to numerous organisations who would look to amalgamate such data with other data, extremely intricate profiles of individuals can be produced without the data subject’s knowledge, let alone consent,” the group write in their original complaint filing.

“The industry facilitates this practice and does not put adequate safeguards in place to ensure the integrity of that personal (and special category) data. Further, individuals are unlikely to know that their personal data has been so disseminated and broadcast unless they are somehow able to make effective subject access requests to a vast array of companies. It is not clear whether those organisations have a record of compliance with such requests. Without action by regulators, it is impossible to ensure industry-wide compliance with data protection regulations.”

They cite a New Economics Foundation’s estimate which suggests ad auction companies broadcast intimate profiles about an average UK internet user 164 times per day, adding: “Tracking IDs and other personally specific information are not actually necessary for ad targeting but allow you to be reidentified and profiled every day.”

Here’s a few more highly sensitive labels that are being attached to web users’ identities and shared with potentially thousands of bidding ad companies: Special needs kids, endocrine and metabolic diseases, birth control, infertility, diabetes, Islam, Judaism, disabled sports, bankruptcy.

These categories come from v2 of the IAB’s content taxonomy.

The group has also submitted v1 of the IAB’s taxonomy as evidence, and this includes other disturbingly intimate categories — including a category for ‘incest/abuse support’.

The IAB claims to have depreciated the v1 list but the complainants say it’s still being used in the IAB’s latest ad auctioning system.

We’ve reached out to the IAB for comment.

Filing this new evidence, the complainants argue it underlines “the unreasonable degree of intimacy of the personal data broadcast in ad auctions”.

“The evidence we file today illustrates that the IAB and Google ad auction system can broadcast remarkably intimate details about what you watch, listen to, and read online. ‘Special category’ personal data like this enjoys special protections in the GDPR. I believe this raises the stakes of our complaint,” Brave’s Ryan told TechCrunch.

“Actors in this ecosystem are keen for the public to think they are dealing in anonymous, or at the very least non-sensitive data, but this simply isn’t the case. Hugely detailed and invasive profiles are routinely and casually built and traded as part of today’s real-time bidding system, and this practice is treated though it’s a simple fact of life online. It isn’t: and it both needs to and can stop,” added Veale in a statement.

The original IAB lists can be downloaded as a spreadsheet here (see tab 2 for the v1 list; and tab 1 for v2). While PDF versions of the IAB lists with special category and sensitive data highlighted can be viewed here (v1) and here (v2).

Google’s original document can be downloaded here from developers.Google.com. (A marked up version highlighting the special category data is also available from Brave here.)

We’ve also reached out to Google for comment on the latest development in the complaint.

After being sent the category lists for review, an ICO spokesperson told us: “The ICO and our partner authorities on the European Data Protection Board are already engaged on various issues relating to Google and we are engaging with the industry more widely. We are considering the concerns that have been raised with us.”

The agency has made online behavioral advertising a key priority, noting in its Technology Strategy that it’s probing web and cross device tracking, and citing examples including device fingerprinting, browser fingerprinting and canvas fingerprinting.

“This is likely to continue as more devices connect to the internet (IoT, vehicles etc) and as individuals use more devices for their online activities,” it writes in the strategy document. “These new online tracking capabilities are becoming more common and pose much greater risks in terms of systematic monitoring and tracking of individuals, including online behavioural advertising. The intrusive nature of the technologies in combination drives the case for this to be a priority area.”

[Telegram Channel | Original Article ]

Google and IAB ad category lists show “massive leakage of highly intimate data”, GDPR complaint claims

Male impotence, substance abuse, right-wing politics, left-wing politics, sexually transmitted diseases, cancer, mental health.

Those are just a few of the advertising labels that Google’s adtech infrastructure routinely sticks to Internet users as it watches and tracks what they do online in order to target them with behavioral ads.

Intimate and highly sensitive inferences such as these are then systematically broadcast and shared with what can be thousands of third party companies, via the real-time ad auction broadcast process which powers the modern programmatic online advertising system. So essentially you’re looking at the rear-end reality of how creepy ads work.

This practice is already the target of a legal complaint in Europe, filed under the bloc’s General Data Protection Regulation (GDPR).

The real-time bidding (RTB) complaint, which was lodged last fall by Dr Johnny Ryan of private browser Brave; Jim Killock, previously director of the Open Rights Group; and Michael Veale, a data and policy researcher at University College London, alleges “wide-scale and systemic breaches of the data protection regime by Google and others” in the behavioral advertising industry.

It argues the personalized ad industry has “spawned a mass data broadcast mechanism” which gathers “a wide range of information on individuals going well beyond the information required to provide the relevant adverts”; and also that it “provides that information to a host of third parties for a range of uses that go well beyond the purposes which a data subject can understand, or consent or object to”.

“There is no legal justification for such pervasive and invasive profiling and processing of personal data for profit,” the complaint asserts.

The individuals filing the complaints have now submitted additional evidence showing lists of ad categories used by Google and online ad industry association, the Internet Advertising Bureau (IAB), that they say show sensitive inferences are systematically made.

The documents, reviewed by TechCrunch, are supplementary evidence for the two original complaints filed with the UK’s ICO and the Irish DPC last year.

The complaint action has also now been joined by Polish anti-surveillance NGO, the Panoptykon Foundation — which has notifies its local DPA of what it describes as “massive GDPR infringement”.

“Ad auction systems are obscure by design,” said Katarzyna Szymielewicz, president of the NGO in a statement. “Lack of transparency makes it impossible for users to exercise their rights under GDPR. There is no way to verify, correct or delete marketing categories that have been assigned to us, even though we are talking about our personal data. IAB and Google have to redesign their systems to fix this failure.”

Ravi Naik, partner at ITN Solicitors, who is working with the complainants, also added in a statement: “Panoptykon’s submissions add to the increasing focus on real time bidding. The complaint builds on our work before the UK ICO and Irish DPC. We foresee a cascade of complaints to follow across Europe, and fully expect an EU-wide regulatory response”.

The three content taxonomy documents that have been submitted as evidence include one used by Google and two compiled by the IAB to provide publishers with lists of ad categories.

The pair make the lists available online for publishers to download, though there’s no suggestion general Internet users are encouraged to take a look at how their online activity is sliced and diced into ad categories in order that their attention can be sold off to the highest bidder.

And while plenty of the ad categories look harmless enough — hatchback cars, pets, poetry, and so on — others, such as the ones we’ve flagged above, can be highly intimate and/or sensitive.

In Europe such sensitive data categories constitute what’s considered special category personal data — which refers to the most sensitive types of personal data, including medical information, political affiliation, religious or philosophical views, sexuality and information revealing racial or ethnic origin.

Multiple types of this special category data appear to be included in the content taxonomy lists we’ve reviewed.

Under GDPR, processing special category data generally requires explicit consent from users — with only very narrow exceptions, such as for protecting the vital interests of the data subjects (and, well, trying to sell Viagra isn’t going to qualify).

The original complaints argue that Internet users are unlikely to be aware such labels are being routinely stuck on them, let alone how widely their personal data is being shared with third parties participating in programatic ad auctions that rely on scale for the system to function.

The RTB process does not offer Internet users an opportunity to consent to each and every personal data transaction. If it did, web browsers would be swamped with creepy requests to process intimate information about them from scores of unfamiliar companies. And there’s no reason to think people would be okay with that.

“The speed at which RTB occurs means that such special category data may be disseminated without any consent or control over the dissemination of that data. Given that such data is likely to be disseminated to numerous organisations who would look to amalgamate such data with other data, extremely intricate profiles of individuals can be produced without the data subject’s knowledge, let alone consent,” the group write in their original complaint filing.

“The industry facilitates this practice and does not put adequate safeguards in place to ensure the integrity of that personal (and special category) data. Further, individuals are unlikely to know that their personal data has been so disseminated and broadcast unless they are somehow able to make effective subject access requests to a vast array of companies. It is not clear whether those organisations have a record of compliance with such requests. Without action by regulators, it is impossible to ensure industry-wide compliance with data protection regulations.”

They cite a New Economics Foundation’s estimate which suggests ad auction companies broadcast intimate profiles about an average UK internet user 164 times per day, adding: “Tracking IDs and other personally specific information are not actually necessary for ad targeting but allow you to be reidentified and profiled every day.”

Here’s a few more highly sensitive labels that are being attached to web users’ identities and shared with potentially thousands of bidding ad companies: Special needs kids, endocrine and metabolic diseases, birth control, infertility, diabetes, Islam, Judaism, disabled sports, bankruptcy.

These categories come from v2 of the IAB’s content taxonomy.

The group has also submitted v1 of the IAB’s taxonomy as evidence, and this includes other disturbingly intimate categories — including a category for ‘incest/abuse support’.

The IAB claims to have depreciated the v1 list but the complainants say it’s still being used in the IAB’s latest ad auctioning system.

We’ve reached out to the IAB for comment.

Filing this new evidence, the complainants argue it underlines “the unreasonable degree of intimacy of the personal data broadcast in ad auctions”.

“The evidence we file today illustrates that the IAB and Google ad auction system can broadcast remarkably intimate details about what you watch, listen to, and read online. ‘Special category’ personal data like this enjoys special protections in the GDPR. I believe this raises the stakes of our complaint,” Brave’s Ryan told TechCrunch.

“Actors in this ecosystem are keen for the public to think they are dealing in anonymous, or at the very least non-sensitive data, but this simply isn’t the case. Hugely detailed and invasive profiles are routinely and casually built and traded as part of today’s real-time bidding system, and this practice is treated though it’s a simple fact of life online. It isn’t: and it both needs to and can stop,” added Veale in a statement.

The original IAB lists can be downloaded as a spreadsheet here (see tab 2 for the v1 list; and tab 1 for v2). While PDF versions of the IAB lists with special category and sensitive data highlighted can be viewed here (v1) and here (v2).

Google’s original document can be downloaded here from developers.Google.com. (A marked up version highlighting the special category data is also available from Brave here.)

We’ve also reached out to Google for comment on the latest development in the complaint.

After being sent the category lists for review, an ICO spokesperson told us: “The ICO and our partner authorities on the European Data Protection Board are already engaged on various issues relating to Google and we are engaging with the industry more widely. We are considering the concerns that have been raised with us.”

The agency has made online behavioral advertising a key priority, noting in its Technology Strategy that it’s probing web and cross device tracking, and citing examples including device fingerprinting, browser fingerprinting and canvas fingerprinting.

“This is likely to continue as more devices connect to the internet (IoT, vehicles etc) and as individuals use more devices for their online activities,” it writes in the strategy document. “These new online tracking capabilities are becoming more common and pose much greater risks in terms of systematic monitoring and tracking of individuals, including online behavioural advertising. The intrusive nature of the technologies in combination drives the case for this to be a priority area.”

Via Natasha Lomas https://techcrunch.com

Google and IAB ad category lists show “massive leakage of highly intimate data”, GDPR complaint claims

Male impotence, substance abuse, right-wing politics, left-wing politics, sexually transmitted diseases, cancer, mental health.

Those are just a few of the advertising labels that Google’s adtech infrastructure routinely sticks to Internet users as it watches and tracks what they do online in order to target them with behavioral ads.

Intimate and highly sensitive inferences such as these are then systematically broadcast and shared with what can be thousands of third party companies, via the real-time ad auction broadcast process which powers the modern programmatic online advertising system. So essentially you’re looking at the rear-end reality of how creepy ads work.

This practice is already the target of a legal complaint in Europe, filed under the bloc’s General Data Protection Regulation (GDPR).

The real-time bidding (RTB) complaint, which was lodged last fall by Dr Johnny Ryan of private browser Brave; Jim Killock, previously director of the Open Rights Group; and Michael Veale, a data and policy researcher at University College London, alleges “wide-scale and systemic breaches of the data protection regime by Google and others” in the behavioral advertising industry.

It argues the personalized ad industry has “spawned a mass data broadcast mechanism” which gathers “a wide range of information on individuals going well beyond the information required to provide the relevant adverts”; and also that it “provides that information to a host of third parties for a range of uses that go well beyond the purposes which a data subject can understand, or consent or object to”.

“There is no legal justification for such pervasive and invasive profiling and processing of personal data for profit,” the complaint asserts.

The individuals filing the complaints have now submitted additional evidence showing lists of ad categories used by Google and online ad industry association, the Internet Advertising Bureau (IAB), that they say show sensitive inferences are systematically made.

The documents, reviewed by TechCrunch, are supplementary evidence for the two original complaints filed with the UK’s ICO and the Irish DPC last year.

The complaint action has also now been joined by Polish anti-surveillance NGO, the Panoptykon Foundation — which has notifies its local DPA of what it describes as “massive GDPR infringement”.

“Ad auction systems are obscure by design,” said Katarzyna Szymielewicz, president of the NGO in a statement. “Lack of transparency makes it impossible for users to exercise their rights under GDPR. There is no way to verify, correct or delete marketing categories that have been assigned to us, even though we are talking about our personal data. IAB and Google have to redesign their systems to fix this failure.”

Ravi Naik, partner at ITN Solicitors, who is working with the complainants, also added in a statement: “Panoptykon’s submissions add to the increasing focus on real time bidding. The complaint builds on our work before the UK ICO and Irish DPC. We foresee a cascade of complaints to follow across Europe, and fully expect an EU-wide regulatory response”.

The three content taxonomy documents that have been submitted as evidence include one used by Google and two compiled by the IAB to provide publishers with lists of ad categories.

The pair make the lists available online for publishers to download, though there’s no suggestion general Internet users are encouraged to take a look at how their online activity is sliced and diced into ad categories in order that their attention can be sold off to the highest bidder.

And while plenty of the ad categories look harmless enough — hatchback cars, pets, poetry, and so on — others, such as the ones we’ve flagged above, can be highly intimate and/or sensitive.

In Europe such sensitive data categories constitute what’s considered special category personal data — which refers to the most sensitive types of personal data, including medical information, political affiliation, religious or philosophical views, sexuality and information revealing racial or ethnic origin.

Multiple types of this special category data appear to be included in the content taxonomy lists we’ve reviewed.

Under GDPR, processing special category data generally requires explicit consent from users — with only very narrow exceptions, such as for protecting the vital interests of the data subjects (and, well, trying to sell Viagra isn’t going to qualify).

The original complaints argue that Internet users are unlikely to be aware such labels are being routinely stuck on them, let alone how widely their personal data is being shared with third parties participating in programatic ad auctions that rely on scale for the system to function.

The RTB process does not offer Internet users an opportunity to consent to each and every personal data transaction. If it did, web browsers would be swamped with creepy requests to process intimate information about them from scores of unfamiliar companies. And there’s no reason to think people would be okay with that.

“The speed at which RTB occurs means that such special category data may be disseminated without any consent or control over the dissemination of that data. Given that such data is likely to be disseminated to numerous organisations who would look to amalgamate such data with other data, extremely intricate profiles of individuals can be produced without the data subject’s knowledge, let alone consent,” the group write in their original complaint filing.

“The industry facilitates this practice and does not put adequate safeguards in place to ensure the integrity of that personal (and special category) data. Further, individuals are unlikely to know that their personal data has been so disseminated and broadcast unless they are somehow able to make effective subject access requests to a vast array of companies. It is not clear whether those organisations have a record of compliance with such requests. Without action by regulators, it is impossible to ensure industry-wide compliance with data protection regulations.”

They cite a New Economics Foundation’s estimate which suggests ad auction companies broadcast intimate profiles about an average UK internet user 164 times per day, adding: “Tracking IDs and other personally specific information are not actually necessary for ad targeting but allow you to be reidentified and profiled every day.”

Here’s a few more highly sensitive labels that are being attached to web users’ identities and shared with potentially thousands of bidding ad companies: Special needs kids, endocrine and metabolic diseases, birth control, infertility, diabetes, Islam, Judaism, disabled sports, bankruptcy.

These categories come from v2 of the IAB’s content taxonomy.

The group has also submitted v1 of the IAB’s taxonomy as evidence, and this includes other disturbingly intimate categories — including a category for ‘incest/abuse support’.

The IAB claims to have depreciated the v1 list but the complainants say it’s still being used in the IAB’s latest ad auctioning system.

We’ve reached out to the IAB for comment.

Filing this new evidence, the complainants argue it underlines “the unreasonable degree of intimacy of the personal data broadcast in ad auctions”.

“The evidence we file today illustrates that the IAB and Google ad auction system can broadcast remarkably intimate details about what you watch, listen to, and read online. ‘Special category’ personal data like this enjoys special protections in the GDPR. I believe this raises the stakes of our complaint,” Brave’s Ryan told TechCrunch.

“Actors in this ecosystem are keen for the public to think they are dealing in anonymous, or at the very least non-sensitive data, but this simply isn’t the case. Hugely detailed and invasive profiles are routinely and casually built and traded as part of today’s real-time bidding system, and this practice is treated though it’s a simple fact of life online. It isn’t: and it both needs to and can stop,” added Veale in a statement.

The original IAB lists can be downloaded as a spreadsheet here (see tab 2 for the v1 list; and tab 1 for v2). While PDF versions of the IAB lists with special category and sensitive data highlighted can be viewed here (v1) and here (v2).

Google’s original document can be downloaded here from developers.Google.com. (A marked up version highlighting the special category data is also available from Brave here.)

We’ve also reached out to Google for comment on the latest development in the complaint.

After being sent the category lists for review, an ICO spokesperson told us: “The ICO and our partner authorities on the European Data Protection Board are already engaged on various issues relating to Google and we are engaging with the industry more widely. We are considering the concerns that have been raised with us.”

The agency has made online behavioral advertising a key priority, noting in its Technology Strategy that it’s probing web and cross device tracking, and citing examples including device fingerprinting, browser fingerprinting and canvas fingerprinting.

“This is likely to continue as more devices connect to the internet (IoT, vehicles etc) and as individuals use more devices for their online activities,” it writes in the strategy document. “These new online tracking capabilities are becoming more common and pose much greater risks in terms of systematic monitoring and tracking of individuals, including online behavioural advertising. The intrusive nature of the technologies in combination drives the case for this to be a priority area.”

source https://techcrunch.com/2019/01/27/google-and-iab-ad-category-lists-show-massive-leakage-of-highly-intimate-data-gdpr-complaint-claims/