Yes, if they have no agency then I would expect them to ban customers violating privacy laws. Doubt that happened. More than likely, the entire ad industry end to end, is a actively searching for and excuting on opportunities to generate revenue by raping user privacy.
> Taxpayer data was also shared with Google, through its own tracking tools — though the firm told lawmakers that it never used the information to track users on the internet, according to the report.
So, they only store a unique id in their user tracking system, but they put the sensitive information in their ad targeting system, then join the data at impression time.
I guess it is good that they don’t stick PII in tracking cookies that they use to interoperate with third parties, but that is an extremely low bar.
