Lawmakers Target Data Brokers
Business owners want to know where you shop, what products you like, what you may want to buy in the future, and much more. Data brokers are companies that utilize the internet and other resources to gather information about you and sell it to businesses.
The methods used to gather data are generally legal, however, recently proposed legislation would improve security for consumers by requiring that data brokers provide information about their practices and about the collection of personal data.
A major issue in data privacy is the lack of transparency and awareness for consumers regarding which companies are collecting their information and what it’s being used for, thereby putting consumers’ privacy at risk.
The Data Broker List Act of 2021, if enacted into law, would establish a national registry where data brokers would be required to register annually and implement comprehensive information security systems to prevent security breaches.
What is a data broker?
Data brokers are companies that collect information based on your online activity and sell it to other companies for marketing purposes. Data brokers do not have a relationship with consumers and most people are not aware that a broker is collecting their data.
Brokers collect data from public records, online sources (web browsing, social media, gaming apps, and more), commercial sources such as loyalty cards, and from the individual, most of the time due to the person failing to read the contractual fine print.
For example, if there has ever been a time when you’ve browsed the web and noticed an ad for a product you’ve purchased or searched for in the past, a data broker is most likely at work. Businesses purchase data from brokers and use it to market products directly to you.
Brokers may also sell collected information to people search websites to help build their databases and to lending institutions to help them determine if you’re a good candidate for a loan, for example.
The Data Broker List Act of 2021 would:
- Require data brokers to register annually. This bill would require companies selling consumer data to register with the Federal Trade Commission (FTC) in a national registry, and provide information about their practice and the collection of personal data;
- Require implementation of security systems. This bill would require data brokers to have in place a comprehensive information security system to mitigate the risk of data security breaches;
- Authorize enforcement power. This bill would give the FTC enforcement power, including the ability to oversee compliance with the provisions in the bill. It would also give the FTC rulemaking authority to determine what regulations are necessary for enforcement; and
- Require annual review. The bill would require the FTC to conduct an annual review of the data broker registry and provide a report to Congress with recommendations, beginning no later than one year after enactment.
What you can do
Although it is difficult to avoid data brokers, there are a few things that you can do to reduce the amount of data they gather. For example, avoid activities such as posting excessive personal information on social media and taking online quizzes. If you’re tech savvy, use a Virtual Private Network to enhance privacy, and register with websites which remove your name from telemarketing lists or marketing sites.
Help is available
The attorneys at O’Reilly Rancilio are available to answer your questions about cybersecurity law. For more information please call 586-726-1000 or visit our website.