A growing number of lawmakers and regulators have taken significant steps toward reining in businesses that profit from the mass collection and sale of private data.
Data brokers are businesses that collect data related to nearly every aspect of a person’s life, from their financial information to personal identifying data to even where they have traveled. Such data are regularly provided by websites and apps that people visit and use daily, often without realizing how the data are collected and sold to third parties.
HUNTER BIDEN INVESTIGATION: JOE BIDEN’S PSEUDONYMS HID UKRAINE-RELATED MESSAGES INVOLVING SON
Data brokering is unregulated at the federal level, but a bipartisan collection of lawmakers is aiming to change that.
Meanwhile, one federal watchdog agency and one state are taking the first steps toward increasing the guardrails around data collection and businesses profiting from the public’s personal data.
CFPB set to propose rules for brokers
Consumer Financial Protection Bureau Director Rohit Chopra announced on Tuesday that the agency would use its authority to establish rules for data brokers.
Chopra’s focus is mainly on artificial intelligence using data provided by brokers to train their algorithms, creating “financial incentives for even more data surveillance.” He said the area is important because such data could be used for major life events such as getting a loan or being interviewed for a job.
“It’s critical that there’s some accountability regarding misuse or abuse of our private information and activities,” Chopra said.
The CFPB intends to release a proposal next month to place data brokers under the Fair Credit Reporting Act, a 1970 law that holds organizations such as credit bureaus up to standards of fairness and privacy. The proposal would then be presented for public comment in 2024. The details of what these rules will include have not been revealed.
“We desperately need agencies like the CFPB to restrict the information that data brokers peddle to ensure people can participate in society, get the healthcare they need, and exercise their rights,” Caitlin Seeley George, campaigns and managing director for Fight for the Future, told the Washington Examiner. FFTF is a left-leaning technology advocacy organization.
The bureau’s proposal is the broadest effort to regulate data brokers to date, with a particular focus on how it affects one’s financial health.
Massachusetts weighs location data ban
Massachusetts legislators are also considering regulations for data brokers. In June, state Rep. Kate Lipper-Garabedian and state Sen. Cynthia Creem introduced the Location Shield Act, a bill prohibiting the sale of cellphone location data by brokers.
“Our location can reveal who we are, who we love, who we associate with, how we worship, and what our political beliefs are,” Creem told the Washington Examiner. “That makes location data highly sensitive information. For people who are part of religious, racial, political, or sexual minority groups that are frequent targets of violence and discrimination, the sale of their location data can put them at risk of violence or harassment.”
“State and federal laws have not kept pace with the rapid evolution of technology,” Lipper-Garabedian added. “The Location Shield Act aims to update our statutory framework to reflect the digital nature of our lives.”
Massachusetts’s ban is designed to focus on how location data could be used to track and possibly prosecute women who have had an abortion. Some brokers have sold data related to users’ visits to abortion clinics, leading abortion rights advocates to say the tech could be used by police in states with anti-abortion laws to prosecute residents. At least one firm, SafeGraph, sold a week’s worth of location data involving visits to abortion clinics for only $160.
The bill is still in the early stages of consideration, Creem said, as it received a hearing from a state committee and is being reviewed. It has already received an enormous amount of attention in the press. If Massachusetts’s bill succeeds, it will be the first state to ban collecting location data.
The risks of data brokerage
Data brokers have been scrutinized by lawmakers for years as they’ve often been used as a tool to circumvent warrant requests and to target users indirectly.
Data brokering is technically legal but often missed or misunderstood by the public. A brokerage can collect information about the public through several tools. It can buy them from third-party companies, such as a grocery store that has a loyalty program or a credit card provider. It can scrape public databases such as police records for relevant data. It can even directly track users’ activities through popular apps such as Instagram, LinkedIn, and Uber Eats. Whenever a user ticks a box or clicks a button approving data sharing with third-party partners, he or she is likely sharing that data with a broker.
Some of this data tracking is useful, such as Google tracking a user’s location while using the Maps App to improve accuracy. But a lot of the data collections are unrealized by consumers and may be used to their detriment.
Federal agencies have also been acquiring location data through brokers despite being barred from it by the Supreme Court. The Department of Homeland Security has regularly purchased data sets to track users, according to documents released by the American Civil Liberties Union. The DHS then used this data to track millions of citizens without requiring a warrant.
The Centers for Disease Control and Prevention also tracked millions of phones in the United States to see if the public followed COVID-19 lockdown orders.
Attempts at guidelines
Some states have attempted to set guardrails for how this technology is supposed to work. Vermont passed a law in 2018 that requires all data brokers within the state to register in a public database and disclose how they operate. California’s Consumer Privacy Act also allows state residents to request copies of what data are available that mention them.
These rules are limited, as they still allow companies a wide berth to operate around. “People just don’t always do what they claim they’re going to do,” Shane Tews, technology fellow at the American Enterprise Institute, told the Washington Examiner. “They see that something isn’t illegal, and they go further than they probably should.”
Data collection is also highly pervasive in society. “Everything in the digital economy runs on the back of data, which means it’s kind of hard for somebody to say, ‘If you’re gonna let me, I’m gonna get every piece of information I can suck out of you, and I’m gonna sell to somebody,'” Tews noted.
CLICK HERE TO READ MORE FROM THE WASHINGTON EXAMINER
The Federal Trade Commission sued the broker Kochava in August 2022 over its collection of sensitive location data related to visits to abortion clinics and religious locations.
Some members of Congress are pressing brokers over their data collection practices. A bipartisan group of lawmakers, led by House Energy and Commerce Committee Chairwoman Cathy McMorris Rodgers (R-WA), sent letters to leading data brokers Equifax, Oracle, and Whitepages to determine what sort of data they collect and how they use them. Rodgers has spoken out about the need for a national privacy framework that would include regulations for data brokers, but the proposal has not gained traction in Congress yet.