FTC takes aim at data brokers
The United States Federal Trade Commission yesterday issued orders requiring nine data brokerage companies to provide the agency with information about how they collect and use data about consumers. In a press release, the agency said it plans to "use the information to study privacy practices in the data broker industry."
Data brokers are companies that collect personal information about consumers from a variety of public and non-public sources and resell the information to other companies. In many ways, these data flows benefit consumers and the economy; for example, having this information about consumers enables companies to prevent fraud. Data brokers also provide data to enable their customers to better market their products and services.
The nine data brokers receiving orders from the FTC are: 1) Acxiom, 2) Corelogic, 3) Datalogix, 4) eBureau, 5) ID Analytics, 6) Intelius, 7) Peekyou, 8) Rapleaf, and 9) Recorded Future.
The 15-page orders, approved by a 5-0 vote of the commission and sent individually to each company, demand detailed, sworn reports from all nine companies about "the nature and sources of the consumer information the data brokers collect; how they use, maintain, and disseminate the information; and the extent to which the data brokers allow consumers to access and correct their information or to opt out of having their personal information sold."
The reports are due by February 1, 2013.
If those companies' names aren't familiar, it's because all of them work hard to fly under the consumer radar. But they represent very big business.
The New York Times reported last week on the size of the industry:
By now many Americans are learning that they are living in a surveillance economy. “Information resellers,” also known as “data brokers,” have collected hundreds to thousands of details — what we buy, our race or ethnicity, our finances and health concerns, our Web activities and social networks — on almost every American adult.
[...]
The consumer data trade is large and largely unregulated.
Companies and organizations in the United States spend more than $2 billion a year on third-party data about individuals, according to a report last year on personal identity management from Forrester Research, a market research firm. They spend billions more on credit data, market research and customer data analytics, the report said.
The FTC notes that data brokers "collect, maintain, and sell a wealth of information about consumers" with little accountability for the information, which they typically collect from public records and from other companies. As a result, the commission said:
[C]onsumers are often unaware of the existence of data brokers as well as the purposes for which they collect and use consumers’ data. This lack of transparency also means that even when data brokers offer consumers the ability to access their data, or provide other tools, many consumers do not know how to exercise this right. There are no current laws requiring data brokers to maintain the privacy of consumer data unless they use that data for credit, employment, insurance, housing, or other similar purposes.
The FTC says it plans to use the responses it receives to "make recommendations on whether, and how, the data broker industry could improve its privacy practices."
The investigation comes in the wake of the apparent collapse of the Do Not Track standard, a self-regulation scheme which was scheduled to be completed by the end of 2012 but has been delayed into 2013 by squabbling at the W3C committee charged with developing the standard.