Brave uncovers widespread surveillance of UK citizens by private companies embedded on UK council websites
Direct insight? Brave can brief you in person.
In-person briefings from Brave on key regulatory developments and their implications. Held at Brave’s offices, and elsewhere.
A new report from Brave reveals that people seeking help for addiction, disability, and poverty on council websites are profiled by private companies in the UK.
Brave announces Surveillance on UK council websites, a study of private companies’ data collection on council websites across the United Kingdom.
Brave has uncovered widespread surveillance of UK citizens by private companies embedded on UK council websites. “Surveillance on UK council websites”, a new report from Brave, reveals the extent of private companies’ surveillance of UK citizens when they seek help for addiction, disability, and poverty from their local government authorities.
None of the data collecting companies recorded in this study had received consent from the website visitor to lawfully process data.
- Nearly all councils in the UK permit at least one company to learn about the behaviour of people visiting their websites. Tweet this
- People seeking information about disability, poverty, drugs and alcoholism services are profiled by data brokers on some council websites. Tweet this
- 198 council websites in the UK use the “real-time bidding” (RTB) form of advertising. Real-time bidding is the biggest data breach ever recorded in the UK. Though illegality is not in dispute, the UK Information Commissioner (ICO) has failed to act. Tweet this
- Google owns all five of the top embedded elements loaded by UK council websites, giving it the power to know what virtually anyone in the UK views on council sites. Tweet this
- Over of a quarter of the UK population is served by councils that embed Twitter, Facebook, and others on their websites, leaking data about what sensitive issues people read about to these companies. Tweet this
- 6.9 million people are served by councils that allow data broker LiveRamp to track people on their sites. Until recently, LiveRamp was part of the Acxiom Group, which sold data to Cambridge Analytica. Tweet this
- None of the data collecting companies recorded in this study had received consent from the website visitor to lawfully process data. Tweet this
- This report should spur Elizabeth Denham, the UK Information Commissioner, to finally enforce the GDPR. It is 17 months since formal evidence from Brave and complaints about breaches of data protection laws were filed before the ICO. Tweet this
Press Assets: graphics, embeddable assets
- Press release – Brave reports on private surveillance and data breaches on UK local council websites
- UK Council Data Leaks Map showing the number of data collectors embedded on each council website in the UK
- Greater London councils showing the number of data collectors embedded on each council website
- UK local and unitary councils showing the number of data collectors embedded on each council website
- English non-metropolitan county councils showing the number of data collectors embedded on each council website
- Real-time bidding data breach map of council sites across the UK
- Number of data brokers discovered on council websites, mapped across the UK
- Council page for financially distressed people, showing companies it leaks data to
- Council page for drug abuse & alcoholism, showing companies it leaks data to
- Council page for special educational needs and disability, showing companies it leaks data to
- Diagram: Council Advertising Network, shares profile data with these 22 partner companies
- Diagram: Number of trackers on larger council websites Councils serving 300,000+ people, with 7+ data collectors
- Diagram: Your data trail
- Diagram: Number of council sites that load each “RTB” data breaching company
- Diagram: Social tools and plug-ins on council sites
- Diagram: Example: AddThis share buttons
Brave company materials
Embeddable Data Leakage Explorer Tool
Paste this code below in to your CMS to display the interactive Data Leakage Explorer tool (see the Tool here)
Embeddable version of the full report
Paste this code below in to your CMS to display a SlideShare embedded version of the full report.
<iframe src=”//www.slideshare.net/slideshow/embed_code/key/Jz0V9ue6AFscM1″ width=”595″ height=”485″ frameborder=”0″ marginwidth=”0″ marginheight=”0″ scrolling=”no” style=”border:1px solid #CCC; border-width:1px; margin-bottom:5px; max-width: 100%;” allowfullscreen> </iframe> <div style=”margin-bottom:5px”> <strong> <a href=”//www.slideshare.net/pagefair/2015-ad-blocking-report-the-cost-of-adblocking” title=”2015 Ad Blocking Report – The Cost of Adblocking” target=”_blank”>2015 Ad Blocking Report – The Cost of Adblocking</a> </strong> from <strong><a href=”https://www.slideshare.net/pagefair” target=”_blank”>PageFair</a></strong> </div>
Embeddable teaser video
Paste this code below in to your CMS to display a Vimeo embedded video
<iframe title=”vimeo-player” src=”https://player.vimeo.com/video/388582868″ width=”640″ height=”360″ frameborder=”0″ allowfullscreen></iframe>
“Once your interests and online activity is out in the wild you have no idea how it might be used”, said Dr Ryan. “The conventional web browsers do not protect against this”.
Failure of ICO enforcement
Real-time bidding is the biggest data breach ever recorded in the UK. Though illegality is not in dispute, the UK’s privacy regulator (the ICO) has failed to act.
“It is now a full 17 months since evidence from Brave and complaints about breaches of data protection laws were filed before the ICO”, said Mr Eich. “The time to act is now”.
Timeline of ICO inaction:
- January 2018 The ICO is contacted by Dr Johnny Ryan, then an industry whistle blower, about the RTB data breach.
- September 2018 Brave initiates a campaign of formal GDPR complaints to stop the RTB data breach. The ICO receives Brave’s evidence in GDPR complaints from Jim Killock of the Open Rights Group and Dr Michael Veale.
- June 2019 The ICO announces that RTB is currently unlawful, and gives the industry six months to clean up.
- December 2019 The ICO’s six month grace period for the RTB industry ends. No substantive action is proposed by industry.
- January 2020 The ICO announces it accepts the RTB industry’s gestures, and will take no immediate action to stop the continuing RTB data breach.
See more at https://brave.com/rtb-updates/.
Data Leaks Explorer
How to use this tool
Pan around the map and zoom in and out. Reset your view by clicking this icon that appears as you use the map.
You can embed this tool on any site by clicking the share icon below the map.
Brave is a new, private web browser. It has unmatched speed and battery life. And it also blocks data-grabbing ads and trackers.
10 million people use Brave to make the web quicker and safer. You can download it for your phone or computer and browse the web with confidence.
Brave’s submission to the UK Competition & Markets Authority shows how to fix the RTB market and end Google’s advertising monopoly.
This note highlights the inadequacies of Google and IAB proposals to reform RTB, and rebuts the argument for inaction.
The ICO has today announced that it will be taking no substantive action to fix “RTB”, the largest data breach ever recorded in the UK. Regulatory ambivalence cannot continue. We are considering all options to put an end to the systemic breach, including direct challenges to the controllers and judicial oversight of the ICO.