In today’s digital age, a vast and largely unseen industry quietly amasses unprecedented amounts of personal information on billions of people. Data brokers, companies that collect and sell this information, operate in the shadows, raising significant privacy concerns amplified by the rise of artificial intelligence. While some brokers operate responsibly, many others skirt regulations, exploiting data in ways that can lead to misuse or harm, leaving individuals with little control over their personal information. This article delves into the world of data brokers, examining their practices, the legal landscape, and strategies individuals can employ to protect their privacy.
Key Takeaways: The Shocking Truth About Data Brokers
- Data brokers collect an average of 1,000 data points per person, including highly sensitive information like financial details, health records, and location data.
- The lack of comprehensive federal privacy laws in the US allows many brokers to operate with minimal oversight, unlike the stricter regulations in the EU.
- Individuals can take steps to protect their privacy, including opting out of data sharing, freezing credit reports, and employing digital hygiene practices.
- The rise of artificial intelligence is expected to further exacerbate data privacy concerns, leading to more detailed and predictive profiling.
- Actively managing your online presence and utilizing available tools is crucial in navigating this complex landscape.
Inside Data Brokers’ Massive Vault: What They Collect
Cybersecurity experts paint a concerning picture. Data brokers are estimated to collect an average of 1,000 data points per individual with an online presence. “It behooves them to collect as much as humanly possible about you,” says Chris Henderson, senior director of threat operations at Huntress, “because the larger the information pool…the higher the cost of that data.” This vast collection includes:
Types of Data Collected
- Basic Identifiers: Full name, address, phone number, email.
- Financial Data: Credit scores, payment history.
- Purchase History: Online searches, purchases, locations, frequency.
- Health Data: Medications, medical conditions, interactions with health apps.
- Behavioral Data: Likes, dislikes, ad preferences.
- Real-time Location Data: GPS data from various apps.
- Inferred Characteristics: Lifestyle, income, beliefs, hobbies, charitable giving potential, all inferred from online activity.
- Relationships: Family, friends, colleagues—mapped through social media and other connections.
Little Oversight Around Data Privacy: A Patchwork of State Laws
The current regulatory landscape in the US presents a major challenge to data privacy. Unlike the comprehensive General Data Protection Regulation (GDPR) in the European Union, the US lacks a single, overarching federal privacy law. “There is no comprehensive federal privacy law that specifically regulates the industry,” notes Chelsea Magnant, adjunct instructor of cyber leadership at NYU. This absence leaves a patchwork of state laws, making it difficult to enforce consistent protections.
State-Level Regulations
California, with its California Consumer Privacy Act (CCPA) and its subsequent expansion, the California Privacy Rights Act (CPRA), pioneered comprehensive data privacy legislation. However, while approximately 20 other states have followed suit, the specific regulations and thresholds for compliance vary significantly. This inconsistency creates a regulatory maze that some data brokers can easily navigate.
“Different states have different business environments…This lack of a unified approach leaves us vulnerable,” says Rob Hughes, CISO at RSA.
How to Take Control of Your Data: A Multi-Pronged Approach
While complete eradication of your data footprint is virtually impossible, proactive measures can significantly reduce your vulnerability. Rethinking how much personal information you share daily is crucial. This includes turning off location tracking permissions, rejecting cookies, and avoiding posting overly personal details online. Utilizing tools such as secure browsers, VPNs, and tracker blockers can also prove beneficial.
Taking Action: Practical Steps
Major players like Equifax offer opt-out options; however, the process can be complex and time-consuming. Furthermore, even after removal, data frequently reappears from other sources. “Removing your data…impacts their bottom line, so they are disincentivized to make this easy,” says Henderson.
Several data-removal services exist, though they often charge a fee. These services manage the ongoing process of data removal from various brokers. For those opting for a DIY approach:
- Identify the brokers collecting your data: Use Google searches with your information, and directly check major broker websites.
- Submit opt-out requests: Use the provided opt-out links on the brokers’ websites, keeping in mind state-specific regulations.
- Check your results: Regularly revisit broker sites to ensure data removal.
- Engage in digital hygiene: Secure passwords, two-factor authentication, encryption, and virtual identities.
- Seek legal recourse if necessary: File complaints with the FTC or consult an attorney.
‘The Future is Unfortunately Dark’: The Challenges Ahead
Experts emphasize that data deletion is a temporary fix, not a long-term solution. “Consumers have been placed in a bad position,” states Chester. The rise of artificial intelligence only intensifies the problem. Professor Javad Abed of Johns Hopkins Carey Business School warns that AI will allow data brokers to create “even more detailed and predictive profiles.”
The Road Ahead: Technology and Regulation
While technologies like blockchain hold potential for disrupting the data brokerage model, widespread adoption and implementation remain uncertain. “The future is unfortunately dark,” Abed concludes, highlighting the need for collaborative efforts between stakeholders. Until comprehensive federal regulation is implemented, the data broker industry will likely continue to expand, driven by a lack of oversight and the substantial financial incentives involved. “It’s going to take a combination of regulation, technology…and know-how on our own personal side” to achieve meaningful and lasting change, says Kurtic.
