Every time we use a social network, search Google, shop online, or simply browse the Web, we leave a hearty data trail in our wake. Even when you’re thoroughly logged off – you forgot your smartphone at home, you haven’t looked at Twitter in days – you can still contribute to your data profile by doing something as simple as paying for gas with a loyalty card. Did you add a pack of Orbit gum to that purchase? That’ll go into your profile. Companies called data brokers collect this information from a variety of sources to create horrifically detailed profiles of individuals, like a deranged version of Hansel-and-Gretels, on the hunt for a complete, detailed profile of you instead of a candy house – and you’re leaving behind plenty of bread crumbs to follow.
Just the fact that these companies exist should raise a few hairs on the back of your neck – and now the FTC just sent warning letters to 10 of these companies urging them to review the Fair Credit Reporting Act (FCRA). The FTC issued these warnings after they did a test-shopping investigation, which means they posed as individuals and businesses and asked around to see what companies would offer to do for them, and some of what the services offered violate privacy regulations. What does this mean for your data privacy?
Absolutely nothing good. The FTC’s actions here are a necessary step, but more stringent action is required to actually curb the data brokerage industry. In an ideal world, these letters would absolutely require companies like Brokers Data and U.S. Data Corporation to stop offering consumer information to use in insurance decisions – which is what the FTC says they appear to be doing. And the letters would also make the six companies that appear to offer your information to employers stop doing that. These letters don’t legally compel these businesses, though, so they may take their chances until the FTC actually slams them with a fine.
After all, if they don’t end up getting penalized, the rewards for being in the data brokerage industry are too great. It’s obvious that companies are hungry to use data to inform their marketing campaigns. Data brokerage is booming. That’s why Facebook keeps tightening alliances with three of the largest data brokers in the U.S., Datalogix, Acxiom, and Epsilon. A small consolation is that none of the Facebook-affiliated data brokers received a warning letter. But that doesn’t mean they won’t in the future.
The FTC has the power to fine data brokers who violate the FCRA, and it has in the past. Social media aggregator Spokeo settled with an $800,000 fine for selling information that violated the FCRA. And the FTC isn’t shy about issuing larger fines to big companies that run afoul of privacy regulations, as its $22.5 million penalty settlement with Google illustrates.
So what can be done? Harsh fines are a good first step, but considering the vast potential for profit data brokers have, legislation will probably be more crucial to actually changing the brokerage industry. As Digital Trends’ Andrew Couts wrote earlier this year, “we need laws that empower consumers in the face of big data.” Couts suggested laws like California’s recently proposed bill, “The Right to Know Act 2013,” which would require companies to give up a year’s worth of personal data to people who wanted to see what they’ve collected.
After all, the idea of collecting data that’s been voluntarily thrown into the digital ether isn’t an inherently evil pursuit – it’s more the fact that we aren’t told when and where our data is collected, and that most people don’t realize the extreme reach of these companies, that’s so troubling. At least the FTC warnings help people learn about which companies to investigate and look into ways to opt out of their specific programs.
- The best iPhone apps (September 2021)
- Here’s how I tracked down the people selling my data, then stopped them
- Should Big Tech pay you for your data? It’s possible, but also problematic
- Which apps share your data the most?
- The digital switch that blocks all websites from selling your personal data