Data brokers: Just how much should they know about you?

Managing Partner, IMECS, LLC

Privacy has become a cottage industry. It has cadres of lawyers, policy wonks, conferences, publications, secret societies and talking heads. The majority of their focus has been on the arcane aspects of current laws and policies, End User License Agreement (EULA) legalese, data breaches, the Safe Harbor Agreement and Snowden’s revelations. However, the privacy-related subject where the silence has been deafening until just recently has been that of the data broker or, as I refer to them, data trolls, who by definition are out trolling for all the data they can gather on every consumer, regardless of source and veracity. This has recently changed for the good.

Image courtesy of Wikimedia Commons and is reproduced with permission.

In May of 2014 the Federal Trade Commission (FTC) released their report “Data Brokers: A Call for Transparency and Accountability.” This report has set off quite the firestorm of hyperbole and jockeying for position on all sides of the issue. By way of background, the FTC is the primary agency responsible for enforcing existing consumer privacy laws and regulations. They are typically associated with fraud and unfair trade practices, but now find themselves at the tip of the spear when it comes to the big data, analytics, privacy debate and related potential legislative activity.

I find it fascinating to watch this all play out and see the lack of focus on the central issue itself. Data brokers know virtually everything about every consumer (and business) in the US (much less the entire western world) and use this information to support their clients in analyzing and targeting consumers on all fronts. Data brokers work in a secretive and unregulated industry that mashes together numerous sources of data on consumer activities and behaviors for use in profiling, targeting, predictive analysis, model scoring and other activities (many of which are not currently known or well understood). They then sell this aggregated or derived information to all types of clients who, in most cases, then augment it with their own data to perform deeper inference analysis, modeling and scoring, all unbeknownst to the consumer.

Needless to say, this is totally Orwellian in the minds of most privacy advocates, much less the consumer when they ultimately come to understand the pervasive use of this uncontrolled “power to know.” In spite of this, the vehement defense of the data broker and their activities has now risen to the sublime with a recent pronouncement from one of their customers (Epsilon, who, by the way, has been responsible for major data breaches in the past exposing countless millions of customer data to hackers and to the public at large) that “consumers should forget about privacy and just let us have all your data and in return we will give you great things to buy at the best prices.”

They went further to say that the “government is out to scare you with all of this talk about privacy.” Really? If this were not such a totally irresponsible statement it would be laughable. 

We are a long way from seeing new laws and regulations on the use of consumer data by entities such as data brokers and their customers. For now we have to rely on the existing tools that the FTC and other agencies have such as the Fair Credit Reporting Act (FCRA), The Privacy Act and others. I encourage everyone to read the FTC’s manifesto on data brokers and form their own opinions, but as I have written in the past it is the issue of privacy which with either enable or scupper altogether the potential for big data and analytics that we are all invested in.