A study cited in the paper notes publisher websites utilize an average of 13.5 (and up to 70 in some cases) third parties. A visit to one popular U.S. tabloid triggered a user interaction with some 352 other web servers, according to a 2014 U.S. Senate subcommittee study of the issue.
Many of those interactions were benign; however, some of those third parties may have been using cookies or other technology to compile data on consumers without their explicit consent, according to the study. Data mined by the practice can include users' interests, browsing history, location, and past-purchase history.
Even anonymous data can be de-anonymized with enough data points. The web is broken, in that we think it's doing one thing (letting people publish content) when it's actually doing something else (surveilling everyone who comes within 100' of a website, and using that data with no oversight or visibility).
For a real eye-opener, try running the Lightbeam Firefox add-on. It builds a visualization of the collusion between websites and data-miners.
Update: Nick Heer pointed out that the Globe and Mail article about privacy-invading trackers had an impressive 18 trackers itself, as reported by Ghostery. Awesome. (It's showing 9 trackers for me now)