On Tuesday, the FTC announced its plan to turn the tables on “data brokers”—companies that collect information on consumers (like you!) and then sell it to others. Under the FTC’s orders, nine of these data brokers must provide information about how they work, what kind of information they collect, whether consumers are able to review or access data about themselves, and more.
The problem, says Justin Brookman, the director of the Center for Democracy and Technology’s Project on Consumer Privacy, is a notable absence of transparency. As of now, consumers have no way of knowing what information has been collected about them or how. There’s also no way for you to verify that the data about you is correct or to request that private details be removed.
As the FTC notes in a press release, data brokers aren’t entirely sinister: “In many ways, these data flows benefit consumers and the economy; for example, having this information about consumers enables companies to prevent fraud. Data brokers also provide data to enable their customers to better market their products and services.” But their wares can be used in other ways. For instance, the Fair Credit Reporting Act lays out ground rules for how employers can use information on things like bankruptcy in evaluating potential employees. But data brokers may attempt to skirt the law by stating in disclaimers that the information they are selling isn’t governed by the FCRA.
This is the latest in a series of actions intended to bring more transparency to data brokers’ practices. In June, data brokerage firm Spokeo was fined $800,000 for improperly marketing consumer information profiles “to companies in the human resources, background screening, and recruiting industries without taking steps to protect consumers required under the Fair Credit Reporting Act.” The next month, Reps. Edward J. Markey, D-Mass., and Joe Barton, R-Texas, requested information from nine firms. (The FTC action involves some of the same companies that Markey and Barton addressed, but the lists aren’t identical.) In October, Sen. John D. Rockefeller IV, D-W.V., announced an investigation into data brokers’ practices, saying of American consumers, “An ever-increasing percentage of their lives will be available for download, and the digital footprint they will inevitably leave behind will become more specific and potentially damaging, if used improperly.”
What, exactly, is in that digital footprint? It’s hard to say precisely, given how many companies there are and the lack of transparency. “I’m supposed to be a privacy expert,” Brookman told me, but even he isn’t sure where all the information is coming from. Publicly available records are one obvious source, so you can safely bet that some data broker out there knows your address, your date of birth, your arrest record. Then it gets a little more complicated. Your social media information could come into play. Thanks to brand loyalty cards, your profile with a data broker—which is often tied to your email address—might track your purchases. That may sound a little creepy but harmless, but as Brookman notes, it gets more uncomfortable when your health-related purchases from a pharmacy are also included in your record. The FTC said Spoke’s profiles, for one, could include “hobbies, ethnicity, religion, participation on social networking sites, and photos.”
Brookman says that realistically, there’s no way to create any sort of “opt out” from data brokers. What we can hope for instead is something the FTC envisions—a centralized database where you can see who knows what about you. Like that you love cat photos, buy hemorrhoid cream regularly, got a drunk and disorderly citation in college, and prefer organic produce.
