Cassidy raises concerns about online advertising exchanges and protection of personal data

U.S. Sen. Bill Cassidy (R-LA), working to protect Americans’ private data, has contacted major companies that operate digital advertising auction services to understand how foreign governments could exploit that information.

Joined by five Democratic senators, Sen. Cassidy wrote letters on April 1 to eight company executives regarding the national security risks posed by the unrestricted sale of American citizens’ data to foreign companies and governments. The letter was sent to AT&T, Index Exchange, Google, Magnite, OpenX, PubMatic, Twitter, and Verizon.

The lawmakers are seeking information about the auction process used to place targeted digital advertisements. Although for most online ads, only one company wins an auction through real-time bidding, all of the companies participating in the auction receive information about the recipients of the ads. That type of personal data includes IP addresses, age, gender, cookies, and web browsing, and location data, according to Sen. Cassidy’s office. 

“Few Americans realize that some auction participants are siphoning off and storing ‘bidstream’ data to compile exhaustive dossiers about them. In turn, these dossiers are being openly sold to anyone with a credit card, including to hedge funds, political campaigns, and even to governments,” the senators wrote.

The lawmakers cited multiple reports that indicated that several federal agencies have purchased personal data from mobile apps and other online services over the last year. 

And the senators noted that the United States is not the only government with an interest in acquiring Americans’ personal data.

“This information would be a goldmine for foreign intelligence services that could exploit it to inform and supercharge hacking, blackmail, and influence campaigns,” Sen. Cassidy and his colleagues wrote. 

Among several questions posed, the senators asked the eight firms to identify each company, foreign or domestic, that the firm provided bidstream data to in the past three years that is not contractually prohibited from sharing, selling, or using the data for any purpose unrelated to bidding on or delivering an ad.