Data brokers are enigmatic companies that collect and sell personal information from public and private domains, social networks, browsing histories, and demographic censuses. They not only sell data but also offer customized analysis services. The line between data brokers and tech giants like Google and Facebook is often blurred [f10ecaa2]. The global data brokers market reached $240 billion in 2021 and is expected to grow to $462 billion by 2031 [f10ecaa2]. Some of the biggest data brokers include Acxiom, Experian, Equifax, CoreLogic, Epsilon, and LexisNexis [f10ecaa2]. They collect and store various types of information, including psychographic profiles, which are used for targeted advertising and tailored financial products [f10ecaa2]. The data is obtained from online forms, cookies, and WiFi networks [f10ecaa2]. The European Union's General Data Protection Regulation (GDPR) aims to protect user privacy, but there are loopholes that allow data brokers to operate outside the EU [f10ecaa2].
In the new era of social media, privacy concerns persist despite the rise of new platforms. Elon Musk's takeover of Twitter has not alleviated these concerns, as advertising revenue on the platform has declined significantly [c856a0d4]. Meta, formerly known as Facebook, has also faced fines and settlements for its failure to protect user data, further eroding trust in social media platforms [c856a0d4]. The use of automated tools by these platforms often leads to discriminatory results, exacerbating privacy concerns [c856a0d4]. Privacy policies and practices are often convoluted and difficult for users to comprehend [c856a0d4]. While newer platforms like Bluesky and Mastodon offer greater privacy, there are no legal requirements for them to do so [c856a0d4]. Meta's platform, Threads, collects sensitive user data, adding to the privacy risks [c856a0d4]. Attempts to regulate data collection have been fragmented and limited, with state-level laws and individual enforcement actions driving change [c856a0d4]. The American Data Privacy and Protection Act remains in a state of uncertainty in Congress [c856a0d4].
Data brokers, such as Kochava, are also contributing to privacy concerns. The Federal Trade Commission (FTC) has filed a complaint against Kochava, accusing the company of amassing and selling sensitive information about consumers without their consent [75db366b]. The FTC alleges that Kochava's database includes products capable of identifying nearly every person in the United States, allowing advertisers to trace individuals' movements and target them based on specific characteristics or attributes [75db366b]. The unsealed court filing contains evidence of the widespread pattern of unfair use and sale of sensitive data by data brokers [75db366b]. The lack of consequences for data brokers and skepticism about the effectiveness of the legal system in addressing the issue are highlighted [75db366b]. The article also questions whether separate consent forms for sensitive information should be required from companies like Google and Apple [75db366b].
A study conducted by Duke University's Sanford School of Public Policy explores the data brokerage ecosystem and the sale of data about U.S. military personnel, highlighting the risks to national security [10a57459]. The study found that data brokers gather and sell sensitive information about military personnel, including health data, financial data, and religious practices [10a57459]. The lack of industry best practices and regulation within the data brokerage ecosystem raises concerns about the potential exploitation of this data by foreign adversaries for profiling, blackmail, and information campaigns [10a57459]. The study recommends the implementation of a comprehensive federal consumer privacy law and additional national security controls to address these risks [10a57459]. It also suggests measures such as restricting the sale of data related to government employees and implementing controls in defense contracts [10a57459]. Regulatory agencies like the Federal Trade Commission and the Consumer Financial Protection Bureau are urged to enforce rules and gather information about data brokers' practices [10a57459]. Congress is called upon to provide funding for enforcement and pass legislation to protect the privacy and national security of military personnel [10a57459].
California Senate Bill 362, also known as the 'California Delete Act,' aims to establish an online portal for consumers to request the deletion of their data from data brokers. Data brokers collect personal information without explicit consent and may use it in ways that don't align with individuals' best interests. The lack of knowledge about what information data brokers collect and how they use it makes it difficult for individuals to control their personal information. The existence of the portal would increase awareness and education about personal data rights, potentially reducing targeted advertising. The activities of data brokers raise concerns about privacy, security, transparency, and ethics, leading to calls for stricter regulation of the industry [26ed30ac].
Grocery stores are now joining the ranks of data brokers, collecting and selling consumer data without their knowledge or consent. This practice, known as 'data fatigue,' leaves consumers feeling helpless [7d751f57]. Retailers are directly acquiring consumer data through loyalty programs, location tracking, app usage, and digital receipts [7d751f57]. The value of this data market is expected to reach $545 billion by 2028 [7d751f57]. Consumers' personal information, such as their faces, behavior, age, gender, and ethnicity, is being combined to create detailed profiles [7d751f57]. This shift towards data brokering by grocery stores is seen as a new revenue stream for retailers [7d751f57].
The US National Security Agency (NSA) has been quietly collecting commercially available web browsing data on Americans without a warrant. The NSA purchases various types of data from data brokers for foreign intelligence, cybersecurity, and authorized mission purposes. The agency focuses on 'netflow data' that reveals the flow and volume of internet traffic. The NSA did not disclose the names of the data brokers it buys data from or the amount of money it spends on these purchases. The practice of intelligence agencies buying commercially available data has been acknowledged by the Office of the Director of National Intelligence (ODNI) and has implications for privacy and civil liberties. Senator Ron Wyden is calling for stricter guidelines and transparency regarding the data bought by the NSA. The legality of this practice is a thorny legal question, as government agencies argue they do not need a warrant if the information is openly for sale. Wyden demands that any data bought about Americans meets the FTC's standards for legal sales or be scrubbed from the NSA's servers [28b30734].
The digital economy has introduced a new concept called partial data barter, where firms provide consumers with goods or services in return for monetary payment and the harvesting of their usage data. This practice has implications for measuring the size of the economy, assessing firm competition, and privacy regulations [6ed6aa95]. Most firms are not stealing data but rather paying for it with price discounts, suggesting that policies should focus on differential privacy pricing and the terms of data trade rather than prohibiting data usage [6ed6aa95]. The value of free digital goods to consumers and the mismeasurement of GDP due to partial data barter are also discussed [6ed6aa95]. The article concludes by highlighting the costs and benefits of privacy policies and the need for regulations that allow for differential pricing based on privacy protection [6ed6aa95].
The Competition Authority of Kenya (CAK) released a report highlighting concerns regarding the handling of consumer complaints and data protection by online food and grocery delivery platforms. The report revealed consumer apprehensions about the potential misuse of their data by apps beyond transactional purposes. The platforms do not give consumers the choice to accept or decline data-related terms and conditions, and declining these terms and conditions results in discontinuation of access to the platform services. This is in contravention of section 56 of the Data Protection Act. The report also noted that some companies redirect complaints to be handled from their headquarters outside Kenya, leading to longer resolution times. Only one delivery platform company headquarters is located in Kenya. The CAK previously raised concerns about individuals defrauding businesses under the guise of being officials from the Authority. They forced entry into business premises, imposed fines, confiscated merchandise, and made false arrests [b3c2d156].
The data brokerage industry collects and sells information about people, but experts warn that some of the inferences made by data brokers are inaccurate and can have serious consequences. Inaccurate inferences can affect web browsing experiences, financial transactions, health and financial decisions, and can lead to privacy breaches and discrimination. Data broker expert Justin Sherman warns that bad inferences can skew scientific research and health insurance plans. Consumers can check the inferences made about them by making subject access requests directly with data brokers. The reliance on cookie files for tracking web browsing habits contributes to the problem. Geolocation data is accurate and damaging, leading to privacy concerns. Academic studies have shown that third-party data broker inferences can be wildly inaccurate. The industry is already showing signs of battle fatigue, with some data brokers reducing pricing for their audience data sets. The phasing out of third-party cookies by Google poses a threat to many third-party brokers. There is a nascent industry dedicated to helping data brokers improve the quality of their data. Advertisers are slowly catching on to the problem, and privacy regulation and the disappearance of cookies are further challenges for third-party data brokers [5c1cae3c].
Recent analysis by Caitlin Chin highlights the unregulated nature of the data brokerage industry and its implications for national security. The report emphasizes that the U.S. lacks a legal definition for data brokers, complicating regulation and increasing the risk of foreign exploitation of personal data, particularly by nations like China and Russia [06d45427]. The absence of comprehensive regulations leaves U.S. citizens vulnerable to privacy breaches that can lead to significant harm. As the U.S. laws lag behind those in the EU and Canada, there is an urgent demand for legislative updates to protect personal information and national security [06d45427].