A new report released by GDPR and ePrivacy consulting firm Cookiebot said that more than 112 commercial companies are harvesting this information and tracking us through EU government portals and public services.
Once this data is collected, it may end up in possession of data brokers both in and outside of the ad network industry.
The examination of public sector websites across the EU found that 89 per cent of official government websites of EU member states contains third-party ad tracking -- despite these websites not requiring ad support to run.
Around 25 out of the 28 official government websites in the EU contained ad trackers which may be used to monitor which pages a visitor selects, where they click and hover, as well as the speed and pattern of scrolling.
For example, 52 separate commercial companies target the French government website, and 27 are watching the Latvian government. The Belgian portal hosted 19, and the Greek government domain contained 18 trackers.
When public health services were examined, Cookiebot found that half of the landing pages with health information were found to harbour ad trackers. Irish public health services were the worst, with 73 percent of health-related landing pages containing trackers.
The UK, Spain, France, and Italy followed, with 60 percent, 53 percent, 47 percent containing the same ad tracking technology, respectively.
When it comes to Google, 82 percent of official EU government websites are had Google marketing trackers -- of which, it should be noted, could be legitimate website and analytics tools. Facebook was present, too, with Cookiebot claiming that "Facebook is employing anti-tracking countermeasures to track citizens who use Safari 11's intelligent tracking prevention" on the UK and Irish public health domains.
Google has officially said that it does not permit publishers to use its technology to collect or build targeting lists based on sensitive data.
Facebook said the investigation "highlights websites that have chosen to use Facebook's Business Tools -- for example, the Like and Share buttons, or the Facebook pixel".
"Our Business Tools help websites and apps grow their communities or better understand how people use their services", a Facebook spokesperson added. "For example, we could tell them that their site is most popular among people aged 20 - 25."
It is unlikely that these companies are lurking on government domains legitimately. The new EU General Data Protection Regulation (GDPR), requires users to give the thumbs up to tracking.
Cookiebot says that third-parties are skirting the rules by entering via free services including video plugins and social media sharing buttons. Accessibility plugins and image gallery systems may also be avenues for these trackers to operate.
"Although the governments presumably do not control or benefit from the documented data collection, they still allow the safety and privacy of their citizens to be compromised within the confines of their digital domains -- in violation of the laws that they have themselves put in place", the consultancy firm said.