New WSJ report found that 'Near Intelligence', a consumer data broker based in India, Singapore and the US with an office in France, obtained massive amounts of smartphone geolocation data via digital advertising firms like OpenX, Smaato and AdColony and sold it to US defense and intelligence agencies.
Near claims to have access to data about 1 billion mobile devices.
https://wsj.com/tech/cybersecurity/how-ads-on-your-phone-can-aid-government-surveillance-943bde04
The company's general counsel and chief privacy officer in an email to the CEO:
The US govt "gets our illegal EU data twice per day", a "massive illegal data dump".
"We sell geolocation data for which we do not have consent to do so … we sell/share device ID data for which we do not have consent to do so [and] we sell data outside the EU for which we do not have consent to do so"
If this isn't reason for EU data protection authorities to take urgent action than I don't know what is.
Btw. Near Intelligence is part of the IAB TCF 'vendor list', with special feature 'use precise geolocation data'.
As such, the European advertising industry is responsible for millions of Europeans being tricked into pseudo 'consent' for Near's massive data harvesting every day.
In 2021, Near acquired UberMedia, another data broker which sold mobile location data to US national security contractors (https://wsj.com/articles/grindr-user-data-has-been-for-sale-for-years-11651492800).
I wrote about UberMedia in 2020. It stated to obtain location data both via mobile app SDKs and the RTB bidstream in digital advertising, and to sell to 'federal, state, and local governments':
https://twitter.com/WolfieChristl/status/1282760386496913411
UberMedia was also part of IAB Europe's TCF vendor list, but its entry was marked as 'deleted' very recently, on 12 Sept 2023.
Oh my, and in 2020, Near Intelligence acquired Teemo, a French location data broker (https://techcrunch.com/2020/11/19/near-acquires-teemo/), which now seems to be Near's European gateway and French office.
This looks like a total GDPR enforcement fail and a disaster for CNIL, the EU's largest GDPR regulator.
CNIL investigated Teemo's location data harvesting in 2018 but gave it an all-clear after some improvements of its meaningless 'consent' language.
https://cnil.fr/sites/cnil/files/atoms/files/cnil-39e_rapport_annuel_2018.pdf
https://martech.org/data-location-vendor-worked-with-gdpr-regulator-on-data-consent-model-yielding-70-opt-in-rates/
https://adexchanger.com/privacy/french-startup-teemo-appeases-gdpr-regulators-avoids-a-fine/
When Near Intelligence acquired Teemo, its founder and CEO told TechCrunch that his company processes data around the "online and offline behavior of 1.6 billion consumers each month".
He went on to use CNIL's investigation into Teemo to promote it as 'pro-privacy' and 'certified':
"Teemo is very pro-privacy ... They were the first company certified by the French Data Protection Officer as GDPR compliant"
Teemo’s CEO then became Near’s new 'chief privacy officer':
https://techcrunch.com/2020/11/19/near-acquires-teemo/
As of today, Google lists all three companies - Near Intelligence, UberMedia and Teemo - in its lists of global 'certified external vendors' and 'certified' GDPR 'ad technology providers', who may receive data via Google's RTB systems:
https://developers.google.com/third-party-ads/adx-vendors?hl=en
https://support.google.com/admanager/answer/9012903?hl=en
On its website, Near Intelligence clearly states that it obtains data from the RTB bidstream in digital advertising, in addition to 'SDKs embedded within tens of thousands of apps':
https://near.com/privacy/
"Near uses location intelligence from several sources. This data comes from various partners via Real Time Bidding (RTB), including both Bid requests and SDK data" (https://near.com/uk/platform/).
Near Intelligence claims to collect smartphone location data about:
- 31 million people in the UK
- 40 million people in France
- 152 million people in Europe
It creates 'consumer profiles' and states to 'identify key elements' like 'home location', 'workplace' and 'places frequented'.
According to Near's privacy policy, its 'Data Protection Officer' is Christoph Bauer (https://near.com/uk/privacy-policy/#services-policy), who appears to represent many adtech firms and data brokers including LiveRamp (https://liveramp.fr/website-and-marketing-privacy-policy-nl/), Eyeota (https://www.eyeota.com/privacy-center-contact-us), AdColony (https://www.adcolony.com/privacy-policy/) and Cheetah Digital (https://www.cheetahdigital.com/website-privacy-policy/).
His German firm ePrivacy GmbH awarded Near Intelligence this strange 'ePrivacyseal EU' (which is of course unrelated to EU ePrivacy law):
https://eprivacy.eu/en/customers/awarded-seals/company/near-pte-ltd/
The WSJ article (https://wsj.com/tech/cybersecurity/how-ads-on-your-phone-can-aid-government-surveillance-943bde04) explains how location data flows from mobile apps and digital advertising firms via Near Intelligence to US federal contractors nContext, Bazze and Aelius, who have contracts with the US Department of Defense, NSA and other agencies.
nContext, one US federal contractor that bought mobile location data from Near Intelligence and has contracts with DCSA, NSA and USAF, poses as a marketing firm, but is a subsidiary of the defense contractor Sierra Nevada.
Bazze, another US federal contractor that bought smartphone location data from Near Intelligence and has contracts with the US Department of Defense, according to the WSJ, openly offers a commercial location mass surveillance system for 'government customers'.
I wrote about it in another thread:
https://mastodon.social/@wchr/111247339057205790
@wchr
Let's stop calling it data brokerage and call for its real name: surveillance.
@wchr
I'm never going to click 'accept all' ever again!!