British charities are sharing information about people visiting their websites with adtech data brokers, according to a report.
The Pro Privacy campaign group claims that 21 of the UK’s “top 100 charities” have shared web visitors’ data with adtech companies, with those charities including the British Heart Foundation, the NSPCC, mental health charity Scope and Amnesty International.
The alleged badness boils down to charity websites having tracking beacons embedded within them, little snippets of code that tell an advertiser who opened a particular website or webpage. By cross-referencing those phonings-home, adtech companies can track one’s browsing history. Nothing is illegal or rare about the practice, though it may surprise some to find that these beacons are on charity websites as well as those of for-profit businesses.
“This 'data' includes the specific page being visited as well as other technical attributes, both of which can be used to build highly detailed profiles of UK citizens. This data is then re-shared by companies within the AdTech industry and it is almost impossible to understand where personal data ends up or how it might be used,” claimed Pro Privacy’s Sean McGrath and Andreas Theodorou in a statement.
The duo also claimed that a third of Britain’s charity websites “contain trackers belonging to real-time-bidding platforms” where companies pay, in a high-speed and automated way, for opportunities to serve ads to targeted segments of potentially interested customers.
Websites hosting these trackers were said to include information about child abuse, disabilities, domestic violence and more.
Pro Privacy’s investigation consisted of viewing more than 82,000 domains “to detect third party HTTP requests and cookies” and analysing the resulting traffic through a combination of webxray, an open source third-party web content analysis tool, and an in-house tool run on an AWS Lambda environment.
Why are charities doing this? According to the campaigners, it’s all about filthy lucre: “At a basic level, charities want to capture certain data about their users so that they can later be retargeted for advertising. For example, "Charity A" might want to target female visitors in their 60s with an income of £40,000+ that have clicked on the 'donate' button in the past 6 months.”
Third Sector, a magazine for charity professionals, recently reported that “charity fundraising campaigns would need to demonstrate that they were sympathetic to the financial concerns many donors might have.” Meanwhile, London business freesheet City AM cited a study claiming charities nationwide could suffer up to 60,000 coronavirus-induced job losses.
The tone of Pro Privacy’s report bears a lot in common with the crusade led by those behind the Brave browser against the adtech industry. Maker Brave Software has claimed that adtech firms including Google are breaching EU data protection laws by trading large volumes of detailed information about people in an opaque way.
Pro Privacy's report is on its website. ®