How advertisers use sensitive data to target you
To be online can mean surrendering a whole host of data to unknown digital advertisers without even realizing it. By now, most people who use the Internet are aware that data privacy is lacking and that we’re continually being targeted with specific ads clamoring for our attention, urging us to buy what they’re selling.
What most don’t know is how precise the targeting can get.
You’re likely familiar with traditional demographic segmentation, such as age, gender, and location, but the reality is it can be far more invasive, going beyond these basic markers of identity to potentially stigmatizing ones. You might not be weirded out by being targeted as a 25-year-old female in Alaska, but you probably would have an issue with being targeted based on being a depressed divorcee with a gambling addiction.
Let’s take a closer look at how advertisers use this data.
Xandr’s sensitive audience segments
The creepy reality is that ad companies have this level of detailed data about you, exemplified by a recent report from The MarkUp. The publication’s reporters analyzed a database of 650,000 audience segments within advertising platform Xandr, and the results are shocking, even to data privacy experts. Adam Schwartz, a senior lawyer at Electronic Frontier Foundation (EFF), called it “one of the greatest threats to data privacy.”
Xandr is an online platform for buying and selling ads on both the advertiser and publisher sides. Microsoft purchased Xandr from AT&T in 2021. Advertisers can use the platform to target highly specific audience segments across various channels, including video and audio streaming. Meanwhile, publishers can sell their ad space and ensure only the most relevant ad appears alongside their content. Consumer segments can be used to determine who sees an ad and who doesn’t see an ad.
Xandr gained access to its highly specific audience segment data through 93 data suppliers. The MarkUp reporters found the database on a public page of the Xandr website, which listed the data suppliers alongside each segment. Some highlights include well-known data-broker companies like Oracle, Foursquare, Equifax, and Experian.
What’s in the data
What’s particularly eye-opening about the database is how seemingly disconnected data pools gleaned by tracking people’s real-world and online activities can be combined into such specific and sensitive groupings. Here’s a sample:
- Medicine and health: including segments for diabetes, hypertension, stroke, menopause, and reproductive health.
- Race and ethnicity: including particularly unique segments like Affluent Ethnic Couples, Elite Jewish Urbanites, and Suburban Hispanics.
- Politics: includes advocates and supporters for areas like gun rights, women’s equality, LGBTQ, and labor, as well as information about whether someone has attended a political protest and their voting history.
- Psychological profiles: groups consumers by sentiment and mental health status, including information as to whether someone is a lone wolf, confident and social, neurotic, or receptive to emotional messaging.
- Financial: Categorizes socioeconomic status of consumers with oddly named segments like Small Town Shallow Pockets, Birkenstocks and Beemers, and Progressive Potpourri.
Wolfie Christl, a privacy researcher at Cracked Labs who found the database file, told The Markup, “I think the file suggests that Xandr did not take even the slightest measures to exclude at least the most sensitive data from its marketplace.” Many worry that this sort of segmentation could be used for discriminatory purposes.
Microsoft has since removed the file from the Xandr website after the publication emailed them for comment multiple times without response.
Who does this impact?
Whether your data is being used, or this kind of segmentation targets you, depends on your local laws. The EU has stringent laws on data collection by companies with EU shoppers through its General Data Protection Requirements (GDPR) law. In the US, California, Virginia, and Colorado have similar laws, but no federal law currently protects online consumers.
Regarding platforms like Xandr, you can try to opt out by requesting to remove data from individual companies on the list, such as Oracle and Experian. However, that’s a monumental task when a database includes 93 data suppliers. Many privacy activists believe there should be a more systematic way to help people avoid tracking, and EFF supports banning targeted advertising entirely.
You can find out more information about the extent of Xandr’s data segmentation in The Markup’s report.
To learn more about data collection and some of the ways you can protect yourself, check out our article, Protecting Your Privacy in a Data Surveillance Age.