On Monday, the U.S. Federal Trade Commission released its final report outlining recommendations for how businesses and the government can better protect user privacy. While the report covers a wide range of areas, one of the most interesting sections covered so-called “data brokers.” The FTC recommends that Congress enact legislation that would require these shadowy companies to reveal to Web users what they know about them, and how that information can be used. Since any such legislation is, if anything, a long way off, we’ve put together a quick guide to the disturbing data broker industry.
What is a data broker?
While the FTC tells us that it doesn’t have an official definition of a data broker, Commission Chairman Jon Leibowitz on Monday described data brokers as “entities that buy and sell consumer data.” More specifically, these companies (sometimes called information brokers or data vendors) are generally any business that gathers information on individuals, organizes and packages that info, and then sells that data to another party. The types of companies on this list include catalog companies, credit bureaus, media archives, ad networks, analytics companies, people finder websites, and more.
Where do they get their information?
The data collectors, as they are called, range far and wide. They include: the Department of Motor Vehicles, courts, police records, and other government agencies, airlines, credit card companies, retail stores, mobile providers, cable and satellite companies, insurance agencies, banks, stock companies, hospitals, doctors, pharmacies, search engines, websites, and social networks.
What dirt do they have on me?
More than you can imagine. As mentioned, a lot of the personal information gathered by data brokers comes from public archives. This includes a vast array of information, which can vary from company to company. Most often, the data includes:
- Full name
- Home address
- Mailing address
- Email addresses
- Telephone numbers
- Age/date of birth
- DMV records (moving violations, fines, etc)
- Court records
- Arrests (especially sexual offenses)
- Birth certificates
- Marriage certificates
- Death certificates
- Property records
- Voting records
- Concealed weapons permits
- Social Security Number (for some parties, like banks)
The types of information that data brokers can access from public and semi-public records depends on state laws, which may be more or less strict, depending on where you live. But that is not the only source of their information. In our age of constant, ubiquitous over-sharing, data brokers are able to amass such a staggering amount of information on you — then hand that data over to whomever is willing to pay for it — that you might never want to use the Internet ever again. That information includes (but is not necessarily limited to):
- Every website you visit (via tracking cookies)
- Google searches
- Forum comments
- Blog posts
- Search results that include your data
- Aliases, usernames, nicknames
- Online purchase history
- Data about your Facebook friends
- Facebook likes
- Geolocation data (via mobile apps)
To some of you, this is an obvious list — of course what you say and do online is public, and could come back to haunt you. While that may be true, it doesn’t make the business of data brokers any less troubling. If you ask us, it makes it more so: Rather than all of this information being disbursed across the Web (or hidden away in filing cabinets in various office buildings), data brokers go through the laborious task of linking all of it together into a neat little package, which they sell. So if, for example, you say something on an online forum about your medical history, that information can be linked to your real name by a data broker, even if you used a nickname to post the info.
In essence, data brokers are Big Brother. They watch everything you do, and make a profit off of it. Watch a video by Reputation.com about data broker collection below:
Who buys this information from data brokers?
According to the FTC, customers who buy this information are wide ranging, and include: individuals, media organizations, banks, employers, marketers, lawyers and private investigators, the government (all levels), and law enforcement. In short: anyone who wants to pay for the data can get it.
It’s one thing if the customer buying your data is a potential employer, or even a lawyer or law enforcement agency. Unfortunately, data broker customers also include scammers and identity thieves, who aren’t just trying to find out if you’ve done something illegal in the past, or have a distasteful commenting history.
Can I stop these companies from collecting and selling my data?
Not entirely. While a good number of data brokers have opt-out polices, many more do not. Some services, like Reputation.com, will scrub unwanted, inaccurate, or damning information from the Web — but that will cost you a heaping chunk of change (think thousands of dollars). And even though it’s always a good idea to be extremely careful and cognizant about what information you post online — and to use tools (like Do Not Track, Tor, and others) to help you browse more anonymously — dropping off the grid will only do you so much good, since much of the information comes from governmental records, over which you have nearly no control.
Does the government plan to do anything about this?
At present, data brokers are completely legal, even if they are shady. In the FTC’s report, the Commission recommends that lawmakers enact “targeted legislation” that makes it easier for consumers to see what types of information data brokers have on them. The FTC also recommends the creation of a central database, where data brokers can “identify themselves to consumers and describe how they collect and use consumer data,” as well as explain how that information can be used. For now, however, you’re on your own.
So, who are these companies, anyway?
Some companies that are considered data brokers you may have heard of, and sound rather innocuous, like MyLife.com, Peek You, or MSN White Pages. But there are hundreds more that fly conveniently under the radar. Fortunately, Privacy Rights Clearinghouse, a privacy advocacy group, has compiled a comprehensive list of online data brokers, available here. PRC also provides links to the sites’ terms of service, privacy polices, and tells you whether or not they have an opt-out policy in place.
The Internet is an amazing tool. But it has reshaped the way the world works, in good ways and bad. One of these bad ways — at least, if you’re concerned about your privacy — is the ease with which data brokers can create these staggeringly robust profiles on all of us. So remember, you’re being watched. Be careful what you say, who you talk to, and what you do online. Nearly none of it is private, whether you think so or not.