Data brokers. It seems these days they’ve earned a reputation as the invisible enemy, something akin to airborne illnesses. We can’t see them; we don’t know what they look like or where they lurk, but we don’t want them to catch us. That’s all we know.
Data brokering has become so pervasive and some of its practitioners so allegedly nefarious that it’s been the subject of several inquiries by politicians and regulators. But not all data brokers are selling your DNA profile on the black market, and there are ways data brokers can operate ethically and in ways consumers would be comfortable with. That was the message from Thursday's IAPP Privacy Academy and CSA Congress panel session, “Data Brokers Demystified.”
Earlier this year, the Federal Trade Commission (FTC) released a paper on data brokers, as FTC Senior Legal Advisor Janis Kestenbaum told attendees, and found that by and large, the data broker industry is not operating with enough transparency; data changes hands among brokers more than one might think, and the data that brokers collect comes from a variety of sources, including social media, subscription lists and governmental public records.
The major concerns the FTC had were with the sensitive inferences, and therefore categorizing, that results from data broker lists, Kestenbaum explained—inferences about religion, ethnicity and political leanings, for example. Perhaps more dangerous are the clusters consumers are put in. For example, one list was called “urban scramble” and contained a high concentration of ethnic minorities of low income.
That’s the kind of thing that keeps the World Privacy Forum’s Pam Dixon up at night. Her group has spent a lot of time looking at the several thousands of data brokers on the market, she said, and what’s particularly scary to her are the gaps in regulations on data brokering. The Fair Credit Reporting Act (FCRA), for example, applies to individuals but not groups of people, so credit scores can be used in bulk to make “a variety of important marketplace decisions based on your census track; where you live. Your ZIP code may give you a broad credit score, and the FCRA won’t fix that gap.”
Dixon is interested in exploring the ethical standards of data brokering, and sees this as the way out of the dangerous repercussions of irresponsible data use in an area that isn’t regulated. While the FTC has investigated and Rep. Joe Barton (R-TX), Sens. Ed Markey (D-MA) and Jay Rockefeller (D-WV) have launched inquiries, it might make more sense to nudge data broker companies toward making changes themselves, she said.
She applauded Acxiom Global Privacy and Public Policy Executive Jennifer Glasgow, CIPP/US, for the way her firm offers consumers choice in granular categories on whether they want the data collected on them to exist or not, essentially allowing them to control their “digital exhaust.” She wants that trend to catch fire, and while some brokers allow for that, some also charge for such an opt-out, which Dixon thoroughly dislikes.
Glasgow said not all data brokers are the same; it’s not a homogeneous industry, and it would be a mistake to lump them all together. She agreed with Dixon that there are gaps in the regulations governing data brokers and said self-governing codes, a few of which have already been developed, will be important in closing the gap.
Glasgow said responsible data brokers should do the following:
- Know the data source and have a screening process to ensure the data being purchased was collected with notice and choice;
- Classify data; sensitive or financial information should be held to a higher standard than more innocuous data;
- Be transparent; show every piece of data collected on consumers. Acxiom allows consumers to make changes or delete their data, but only .1 percent of those who visit the site change their data, and only two percent opt out.
“We feel transparency is critically important to this whole industry,” Glasgow said. “We hope others will follow suit and open the kimono.”
If you want to comment on this post, you need to login.