Real-Time Bidding (RTB) is a powerful tool for dynamic ad placement, but it comes at a steep privacy cost. Here's the short version:
- RTB systems share user data like location, device IDs, and browsing history with hundreds of companies during every ad auction.
- On average, U.S. user data is exposed 747 times daily, leading to risks of profiling, surveillance, and misuse.
- Regulatory bodies like the FTC and GDPR are cracking down on data misuse, imposing fines and stricter rules.
- Privacy-preserving technologies like differential privacy, encrypted bidding, and Data Clean Rooms are emerging as solutions.
- Marketers are shifting to first-party data strategies, which improve performance while adhering to privacy laws.
The takeaway? Balancing ad performance with user privacy is now a critical focus for advertisers. Keep reading for a deeper dive into the risks, regulations, and solutions shaping the future of RTB.
Real-Time Bidding Privacy Risks: Key Statistics and Data Exposure
Privacy Risks in Real-Time Bidding
Personal Data Exposure in Bid Requests
Real-Time Bidding (RTB) auctions present significant privacy challenges, primarily due to the sheer volume of user data exposed during the process. Each auction shares detailed information with hundreds of companies, including IP addresses, precise GPS coordinates, unique device identifiers (like IDFA for iOS and AAID for Android), browser details, screen size, and even the exact URL or app a user is viewing. By combining these data points - a process often referred to as "data fusion" - RTB systems can infer deeply personal details. This includes health conditions (e.g., depression or HIV status), religious beliefs, sexual orientation, political affiliations, and even financial struggles. Companies like LiveRamp and Acxiom amplify these risks by maintaining extensive identity graphs that unify user data across devices like laptops, smartphones, and smart TVs, creating persistent profiles of individuals.
The Federal Trade Commission (FTC) took action in December 2024 against Mobilewalla, a data broker that collected precise location data from RTB auctions without ever placing ads. Mobilewalla reportedly tracked over a billion individuals, mapping visits to healthcare facilities, churches, and labor unions. The FTC emphasized the sensitivity of location data, with staff stating:
"Location data is sensitive data, full stop. Location data can reveal where we live, work, and worship, where we seek medical treatment, and even our presence at a protest".
As part of the settlement, the FTC introduced a groundbreaking provision: it prohibited data retention from auctions for purposes beyond active bidding.
The risks tied to RTB aren't limited to commercial misuse. In January 2025, the Electronic Privacy Information Center (EPIC) and the Irish Council for Civil Liberties (ICCL) filed a complaint against Google under the Protecting Americans' Data from Foreign Adversaries Act. The complaint accused Google's RTB system - operating on 35.4 million websites - of exposing sensitive data about U.S. military and intelligence personnel to foreign entities, including 12 recipients with "Beijing" in their names. A Google executive admitted in 2014 that the company has limited control over how buyers use the data:
"Tough because we mostly send data, not ingest".
Automated Decision-Making Concerns
The automation behind RTB further complicates privacy concerns. Bid requests are processed in under 100 milliseconds, broadcasting user data to thousands of advertisers before individuals can provide informed consent. This rapid auction model encourages publishers to gather as much granular data as possible, as more detailed bid requests tend to attract higher bids. Unfortunately, there are few safeguards to prevent losing bidders from retaining and misusing this data for profiling or surveillance.
Research highlights the scope of this issue: 52 companies can track 91% of a typical user's browsing history through RTB auctions. This level of access has led to troubling practices. For instance, predatory lenders utilize bidstream data to target individuals identified as financially vulnerable, while data brokers monitor location patterns to track political activists and union organizers.
The Electronic Frontier Foundation summed up the system's inherent flaws:
"RTB is a surveillance system at its core, presenting corporations and governments with limitless opportunities to use our data against us".
These risks pose a direct challenge for PPC marketers, who must navigate the balance between optimizing bids using top PPC tools and adhering to evolving privacy regulations while meeting user expectations.
sbb-itb-89b8f36
Regulatory Requirements and Compliance
GDPR and Global Privacy Standards
The General Data Protection Regulation (GDPR) has significantly altered how Real-Time Bidding (RTB) operates worldwide, requiring explicit consent that complies with GDPR standards. Under this regulation, processing personal data must have a lawful basis, and regulators have emphasized that relying on "legitimate interests" is often unsuitable for RTB due to its intrusive nature. Consent must be explicit and informed, rendering implied consent unacceptable. Adding to the challenge, the intricate nature of RTB makes it nearly impossible for first parties to inform users about all third-party recipients of their data, violating GDPR's "right to be informed".
The scope of RTB data sharing is staggering. On average, an EU user's data is broadcast 376 times daily, while U.S. users face approximately 747 daily exposures. Additionally, RTB algorithms are prohibited from processing sensitive data - such as information on religion, health, or political views - without explicit consent, which is nearly impossible to secure given RTB's millisecond processing speed.
In February 2022, the Belgian Data Protection Authority penalized IAB Europe for its Transparency and Consent Framework (TCF), ruling it non-compliant with GDPR. The authority highlighted recurrent RTB violations and imposed a €250,000 fine, with additional daily penalties of €5,000 for continued non-compliance. This action reflects the ongoing tension between maintaining operational efficiency and adhering to strict data protection laws in real-time advertising.
While GDPR sets the standard in Europe, similar regulatory scrutiny is emerging in the United States.
FTC and ICO Findings on RTB Privacy
In the U.S., regulators are ramping up their oversight of RTB practices. In December 2024, the Federal Trade Commission (FTC) took action against Mobilewalla, introducing settlement terms that limit bidders to using consumer data strictly for the auction in which they participate. FTC staff from the Office of Technology remarked:
"Ad auctions are designed to broadcast data widely and shelter bad actors".
The FTC found that losing bidders often retain user data and repurpose it for secondary profiling, as there are no technical controls to prevent such misuse. This creates an environment where bidders are incentivized to request maximum data - like precise location information and cookies - to increase ad valuations.
In April 2025, the U.S. Department of Justice (DOJ) took a major step by designating RTB data as a national security concern. The new rule restricts the cross-border flow of sensitive personal data to specific countries, defining "bulk" data as 100,000 or more unique advertising IDs or 1,000 or more instances of precise geolocation data. Companies must implement contractual safeguards and auditing measures by October 2025. Mandy Lit, Director of Privacy and Compliance, aptly summarized the issue:
"Real-time bidding leaves every participant holding something: your data".
These regulatory measures demand that PPC marketers rethink their strategies and compare PPC bid management tools to ensure compliance while maintaining data utility. The ICO advises that contracts alone aren't sufficient; they must be paired with active monitoring and technical safeguards to prevent misuse of bidstream data. Additionally, organizations are required to conduct Data Protection Impact Assessments (DPIAs) due to the high-risk nature of RTB.
Privacy-Preserving Methods for Bid Adjustments
Differential Privacy and Anonymization
With stricter global privacy regulations in place, new strategies are being developed to protect user data during bid adjustments. One of the most effective tools is differential privacy (DP), which works by adding carefully calibrated noise to data. This ensures individuals cannot be identified while still maintaining the overall accuracy of aggregate data.
There are two main types of differential privacy: event-level and user-level. Event-level DP focuses on protecting single actions, such as one click or conversion. On the other hand, user-level DP offers broader protection by safeguarding an entire user’s interaction history with a campaign. Researchers from TikTok Inc. highlight this distinction:
"User-level DP protects whether a user engaged with the ad campaign at any point, providing stronger protection".
In May 2025, TikTok Inc., in collaboration with Duke University and Penn State University, introduced AdsBPC, which improved measurement accuracy by 33% to 95% while maintaining privacy standards. This algorithm optimizes how noise is applied over time, ensuring efficient use of the privacy budget.
Another emerging solution is oblivious bidding, where user data is encrypted before transmission. This allows bid calculations to occur without exposing individual identities. Studies show that these protocols can complete auction processes in just 550 milliseconds, meeting the demands of real-time bidding.
These advancements pave the way for practical applications in campaign optimization, blending privacy and performance.
Implementing Privacy-Preserving Technologies
Successfully applying these privacy techniques requires precise configurations to strike a balance between data privacy and campaign effectiveness. A key component is managing sensitivity budgets, which determine how much noise is added. For example, Chrome's Attribution Reporting API assigns a sensitivity budget of 65,536 to each ad interaction, limiting the total contributions to protect user data.
The Many-Per-Click (MPC) limit is another crucial factor. It balances the number of conversions captured against the level of noise introduced. Businesses with frequent repeat purchases might benefit from higher MPC limits, while subscription-based models may prefer an MPC of 1. As Google Ads experts explain:
"Intelligent configuration is important to obtaining optimally accurate attribution data".
To further refine data accuracy, marketers can use hierarchical aggregate structures. These structures organize data into a tree-like format, allowing for queries at different levels of detail. For instance, broad campaign-level data can be accessed with high accuracy and low noise, while more detailed keyword-level data involves higher noise. This approach enables precise bid adjustments while still offering granular insights when needed.
In August 2024, ByteDance Inc. introduced a new framework called Spending Programmed Bidding (SPB). This two-stage system separates long-term spending strategies from real-time bidding. During trials on a major ad platform, SPB outperformed traditional methods like PID control and reinforcement learning, particularly in privacy-restricted environments like Apple’s SKAdNetwork. SPB addressed challenges like 48-hour reporting delays and coarse attribution by focusing on broader spending goals rather than immediate conversion data.
Another challenge is privacy budget depletion, which can occur when malicious actors deliberately exhaust a user’s budget, disrupting legitimate data collection. To counter this, marketers can implement quota budgets with batched scheduling, reallocating unused capacity to prevent denial-of-service attacks.
Impact on PPC Marketers
Personalization and Privacy Compliance
Privacy concerns in real-time bidding (RTB) have pushed PPC marketers to find a delicate balance between safeguarding user privacy and maintaining campaign performance. While automation now handles much of the real-time execution, marketers are tasked with setting clear goals, ensuring data accuracy, and interpreting AI-driven insights effectively. This shift has been largely influenced by privacy regulations that limit how user data can be collected and used.
Google's Privacy Sandbox, through its Topics and Protected Audience APIs, allows for interest-based targeting and on-device remarketing. These methods have proven to deliver 86.4% of the click-per-dollar efficiency of traditional retargeting . Additionally, Secure Server Technology (SST) shifts data collection from browsers to secure servers, enabling marketers to anonymize or filter out personally identifiable information before it reaches third-party ad platforms. This ensures compliance with GDPR and CCPA while preserving data quality. When paired with Value-Based Bidding (VBB) - which focuses on high-value customers rather than sheer conversion volume - marketers can achieve better results using consented first-party data.
These privacy-forward strategies are paving the way for more effective use of first-party data in bid optimization.
Using First-Party Data for Bid Optimization
As privacy regulations evolve, marketers are increasingly turning to first-party data to refine their bidding strategies. Using first-party data can lead to a 2.9x revenue boost and improve conversion rates by up to 30%. By 2026, over 80% of marketers are expected to shift their paid media strategies to emphasize first-party data.
A great example comes from a retail apparel brand that introduced a loyalty program, collecting preference data from over 130,000 customers. By activating these custom segments through tools like Google Customer Match and Meta Custom Audiences, the brand saw a 46% increase in campaign ROAS and reduced cost per acquisition by 28%. Similarly, a SaaS company leveraged website signups and event registrations to create an intent-based account list for LinkedIn Ads, increasing pipeline velocity by 35% and achieving conversion rates 2.2x higher than average.
"In 2026, advertisers that prioritize building robust first-party data assets will own the customer experience - and outperform competitors across every key metric." - Expert Insight, Admocker
Data Clean Rooms, like Amazon Marketing Cloud (AMC), provide a secure environment for analyzing pseudonymized first-party data alongside platform data. These tools allow brands to gain deeper insights without exposing proprietary information . Zero-trust practices, such as encrypting data in transit and at rest and implementing strict role-based access, help build user trust and ensure compliance. With GDPR fines exceeding $45 million in 2025 alone, adhering to these standards is not just a legal requirement but also a financial imperative. These measures offer a dual benefit: simplifying compliance while giving marketers a competitive edge in the ever-changing digital advertising landscape.
Real Time Bidding RTB: How advertising interacts with your privacy
Conclusion
Privacy concerns in real-time bid adjustments are reshaping the landscape of PPC marketing. The sharing of bidstream data with multiple bidders exposes sensitive user details like location, IP addresses, and device IDs, raising serious privacy issues. As discussed earlier, this extensive data sharing has enabled widespread tracking of user behavior.
These risks have prompted strong regulatory responses. In 2025, GDPR penalties topped $45 million, the FTC took action against unfair data practices, and the settlement for the In re Google RTB Consumer Privacy Litigation was estimated to range between $1.4 billion and $21.6 billion over three years. In response, new tools like Google’s "RTB Control" now give users the ability to remove encrypted IDs and IP addresses from bid requests, effectively limiting personalized targeting for those who opt in. This shift is evident in the decline of open-web display impressions, which dropped from over 40% in January 2019 to just 11% by January 2025.
To stay ahead, marketers are turning to privacy-preserving technologies and first-party data strategies. Differential privacy algorithms, such as AdsBPC, have shown they can improve measurement accuracy by 33% to 95% while safeguarding user identities. Other approaches, like contextual advertising, Data Clean Rooms, and enhanced user-level privacy protections, offer effective ways to balance ad performance with regulatory compliance.
The adoption of these advanced privacy measures and first-party data strategies is reshaping the digital advertising ecosystem. The industry is moving toward alternative formats like Connected TV and Retail Media, with spending on the latter projected to hit $60 billion by 2025. Building transparent, consent-driven relationships with users will be key for marketers aiming to adapt to these changes, ensuring strong performance while reducing legal and compliance risks.
FAQs
What data is shared in an RTB bid request?
When an RTB bid request is sent, it contains user-related data like the IP address, details about the ad slot, and device information. Additionally, it includes contextual data that advertisers rely on to decide whether to place a bid - such as a unique request ID. This combination of information ensures that real-time ad targeting is possible while meeting the technical demands of the bidding process.
How can marketers stay compliant if losing bidders keep bidstream data?
Marketers can maintain compliance by adopting strict privacy measures to manage and protect sensitive bidstream data. This involves several key practices:
- Limit access to sensitive information: Restrict who can view consumer details, such as location data, to reduce risks.
- Use privacy-focused technologies: Implement tools and methods that prioritize user privacy.
- Audit data flows: Regularly review how data is collected, stored, and shared to ensure transparency and security.
Additionally, staying compliant means aligning with relevant legal actions and settlements that govern data-sharing practices. Data should only be used for legitimate purposes, avoiding any activities that could breach privacy standards in real-time bidding processes.
Which privacy-safe bid optimization methods work best with less user tracking?
To optimize bids while respecting user privacy, advertisers can rely on tools like privacy-preserving advertising APIs. For example, Privacy-Preserving Attribution (PPA) uses encrypted reports and techniques like differential privacy to protect user data while still providing actionable insights.
Another approach involves privacy budget management systems, such as Big Bird. These systems maintain privacy by enforcing quota limits and batching schedules, minimizing the need for direct user tracking. This ensures advertisers can achieve effective results without compromising privacy standards.
