In today’s data-driven world, our personal data is constantly being collected and analysed without our knowledge. Data brokers play a crucial role in this process – they gather vast amounts of data and sell it for profit.
This article will take a closer looker at ethical and legal issues and practices of data brokerage and the data broker industry, introducing their types, regulations, data collection, breaches, as well as the future trends.
What Are Data Brokers?
Data brokers are companies that collect and sell personal data for profit. They gather information from a wide variety of sources to build a detailed picture of an individual. This information can include any personal data from basic demographics to online purchasing histories. These sources can also range from public orders to online surveys to mobile applications. At its core, data brokers collect personal information, analyse it, and license it to other organisations for marketing purposes.
The data brokerage is a booming industry, which is estimated to be worth $200 billion per year. There are up to 4,000 data brokering companies worldwide. Typically, these companies do not have direct relationship with individuals whose data they collect, instead they collect user data from third party data providers. This means that most individuals are unaware that their data is being collected and sold by data brokers, and thus have little control over their data.
Data brokers operate in regions with varying regulatory landscape. In the UK and the EU, they operate on the edge of the law and navigate GDPR restrictions. Although the GDPR provides stringent protections of personal data, data brokers often rely on the loopholes to collect information. In contrast, they also operate in the United States, where data privacy law is not very restrictive. Due to the lack of a comprehensive federal regulation, it is relatively easy for data brokers to process information in the US.
Types of Data Brokers and Their Roles
Data brokers can be categorised into several types, each with specialised roles in the market. These include marketing and advertising, fraud detection, people search, financial information, and health information data brokers. most signi
- Marketing and Advertising Data Brokers: they create detailed databases of individuals and categorise them into specific audiences based on demographic, behaviours or interest. Among the most significant data brokers, advertising companies can then purchase these audiences and show them targeted advertising and marketing.
- Fraud Detection Data Brokers: some data brokers supply and offer fraud detection, a service typically used by banks and mobile phone operators. By their verification services, data brokers help determine whether the information provided is accurate and legitimate. This can reduce the risk of granting a loan to a fraudster, or falling victim to other types of scams.
- People Search Data Brokers: they collect tremendous amounts of individuals’ information and then make it available on people-search sites. These sites then allow individuals and companies to find information about a person by searching for their name, phone number(s), address, email address, and even social-security number.
- Financial Information Data Brokers: they collect and sell financial data about individuals to financial institutions or landlords, who will make their decisions to grant loan or sign the housing agreement based on the assessment of these financial data, which may include looking for bankruptcy records amongst other data types.
- Health Information Data Brokers: they specialise in collecting and selling health-related data for various purposes, such as clinical research or pharmaceutical marketing.
In summary, data brokerage companies play a significant role in the market, providing data to companies for various commercial purposes. They not only sell aggregated data to other data brokers, but also directly to advertisers, political campaigns, financial institutions, landlords, and employers. They constitute an essential component of today’s data-driven economy.
Data Brokerage Regulations
Data brokerage regulations are complicated and vary by jurisdictions. The legal picture is not always clear-cut, and thus make it challenging for both data brokers and individuals to navigate.
EU and UK
There is the General Data Protection Regulation (GDPR), which requires a lawful basis such as consent, before data can be collected or used. A failure to to so is a breach of the GDPR and can result in punitive measures. The GDPR sets a high standard for data protection worldwide, as it applies to any data brokers that targets or collects individual data in the EU or UK regardless of where the data broker is located.
Specifically, in the UK, data brokers must also comply with the Data Protection Act 2018 (DPA 2018), which aligns with the GDPR to protect personal data and privacy.
US
In the US, laws vary by state, with some states taking a closer interest in data broking than others. California is a typical example, where data brokers must register with the California Privacy Protection Agency annually.
While a comprehensive federal privacy law does not exist, there are various sector specific laws, such as the Health Insurance Portability and Accountability Act (HIPAA) and the Fair Credit Reporting Act (FCRA), regulating the data processing by data brokers.
Other Countries
Other countries may have different regulations and laws regarding data brokers. Data brokers may need to pay close attention to the Personal Information Protection Law (PIPL) in China, the Personal Data Protection Act (PDPA) in Singapore, the Personal Information Protection Act (PIPA) in South Korea, the Privacy Act in Australia, and so on.
Staying current with these global regulations would benefit data brokers as to their compliance strategies.
How Do Data Brokers Collect Personal Data
Data brokers collect vast amounts of personal information from various sources, including public records, online behaviour, and offline transactions. To create a detailed profile of an individual, these sources cover both the physical and digital worlds. As a result, it is pivotal to understand these sources and methods of data collection by data brokers.
Sources of Data Collection
Data brokers collect information from online and offline sources. There are companies selling personal information which data brokers utilise. Additionally, they may collect information from social media, online searches, and purchases made online or in-store.
Beyond online source, data brokers may also obtain information from public records, such as property records and court documents. This demonstrates the extensive range of data collection beyond the digital footprint into publicly available data.
Methods of Data Collection
Data brokers use various methods to collect data. They use tracking cookies, browser fingerprinting, web and email beacons, and IP address tracking to collect data.
They also crawl the internet to gather vast amounts of data automatically. In addition, they may use customer data platforms to collect and analyse data, which would help data brokers to create targeted profiles.
What Information Do Data Brokers Collect?
Data brokers obtain a wide range of personal information, including demographic data, online behaviour, and offline transactions. This can include basic details like age, address, gender, and occupation, as well as more specific information about interests, product usage, and purchasing habits.
Beyond that, they may also collect sensitive information, such as health issues, past bankruptcies, legal disputes, political view, or even criminal records. Data brokers then aggregate this vast amount of information to build up user segments, which they sell to other companies for commercial purposes.
Data Brokering Breach Examples
The sensitive information compiled by data brokers could have severe consequences for the individuals affected if it fell into the wrong hands. This information as listed above could be a goldmine for malicious actors, who expose this sensitive data to the public. These breaches would cause a wide range of harmful consequences for the affected individuals. For example, stolen financial data could be used to make unauthorised purchases, open fraudulent accounts, or apply for loans. In addition, the affected individuals may suffer reputational damage or emotional stress.
Notable data broking breaches include Equifax’s 2017 data breach, which exposed the personal data of over 147 million people. This breach serves as a reminder of the potential scale and impact of data breaches involving data brokers. Given the vulnerability of data brokers, they must take steps to protect consumer data and prevent data breaches. This could include implementing strong security measures and regularly auditing their IT systems.
How to Protect Your Consumer Data from Data Brokers
While it isn’t easy to completely disappear from data broker lists, you can take the following steps to limit the information they collect and safeguard your online privacy.
Opting Out and Removing Yourself from Data Broker Lists
Choosing to opt out data collection by data brokers is the most direct method. Although it isn’t easy to stay off data broker lists entirely, you can opt out of data collection by contacting data broking sites individually. This could turn out to be time-consuming, because you may unintentionally leave your information to various data brokers.
However, you can use companies that scan for your data in the databases of major data brokers and provide you with a report on where your data has been found.
These external services can help you streamline the opt-out process. Upon receiving your opt-out requests, data broker are legally obligated to remove your data from their lists. For added convenience, you can also pay a data protection service to handle the opt-out process on your behalf.
Using Privacy-Enhancing Tools and Software
A better approach is to try to stay off data broker lists in the first place by using privacy-enhancing tools and software to safeguard your privacy online. These tools involve minimise your digital footprint and limiting the information you share.
Take Virtual Private Networks (VPNs) as an example. When you connect to the internet using a VPN, your IP address remains hidden, and your data is encrypted. This makes it more challenging for data brokers to track your online activity and collect your data. Other tools or software include privacy-focused browser, ad blocker, and encrypted messaging apps, all of which can help you restrict the data available to data brokers.
Practising Safe Online Habits
Practising safe online habits is crucial. You can protect your online security by using strong passwords and being cautious when sharing information online. You should avoid sharing sensitive information on public Wi-Fi networks and be cautious of the information you post on social media. You should also regularly review your privacy setting on social media and other online platforms, and limit the information you share with the operators.
Staying Informed about Data Broker Activities
Last but not least, staying informed enables you to make informed decisions about your online privacy and take proactive steps to protect your data. You can stay informed about data broker activities by reading news articles and following data broker companies on social media. You can also use online resources to learn more about data brokers and how they collect and sell consumer data.
The Future of Data Brokers
As a complex yet opaque sector, the data brokerage industry is facing significant transformation. The future of data brokers is uncertain, because laws and regulations surrounding data brokers are changing, which are driven by growing public awareness and privacy concerns. While this industry has boomed due to the lucrative sale of personal data, data brokers need to get prepared for a future where emerging trends and regulatory shifts suggest both challenges and innovation.
Emerging Data Brokers
New data brokers are emerging, including companies that specialise in collecting and selling data on specific topics, such as biometric or genetic information. This specialisation reflects the increasing granularity of data collection by data brokers, which is extending into highly sensitive areas.
The data brokerage industry is also rapidly evolving, with new technologies and methodologies being developed to collect and analyse consumer data more efficiently. While these advancements are beneficial for businesses, they are pushing the boundaries of data collection and analytics.
Calls for Stricter Regulation
There are calls for stricter regulation of data brokers, including laws that require explicit consent before data can be collected by data brokers. This push for greater transparency and control over personal data is a direct response to the current lack of oversight in many jurisdictions.
Data brokers may need to adapt to these changes and find new ways to collect and sell consumer data. Some of them are already taking steps, such as implementing stricter data protection policies or anonymising data, to protect consumer data. These voluntary measures are a positive sign in the industry.
Conclusion
In conclusion, data brokers are central players in the data-driven economy. They act as intermediaries that collect and sell vast amounts of consumer data. They gather information from various sources to build detailed profiles of individuals.
This raises significant legal and ethical concerns, particularly regarding transparency, data security, and potential misuse of sensitive information. Stricter regulations and greater accountability would be needed within the data brokerage industry.
In addition, the impact of data brokers on online security and privacy cannot be underestimated. Individuals can be exposed a range of risks, from price discriminations to identity theft. As a result, individuals must take proactive measures to safeguard their privacy, including utilising privacy-enhancing tools, practising safe online habits, and staying informed about data broker activities.
Through this combination of regulatory oversight and individual responsibility, we can effectively address the challenges posed by data brokers and ensure a future where online privacy is protected.
Frequently Asked Questions
Are data brokers legal in the UK?
Yes, they are legal if they can rely on the appropriate lawful base under the UK GDPR Article 6 to collect personal data. A typical example is the individual’s consent.
How do I protect myself from data brokers?
You can follow the steps below:
- Don’t post personal information, such as your date of birth, on social media;
- Don’t participate in online quizzes or enter online sweepstakes; and
- Don’t download risky apps from untrustworthy sources.
How do data brokers get your information?
They might get your personal information from the posts you’ve made or “liked” on social media, online quizzes or sweepstakes you’ve entered, and the websites you’ve visited.
How do I remove my personal information from data brokers?
You can follow the instructions contained in the data collection notification email to request your data be removed. Without notifications, you would have to manually search data brokers and file out an opt-out form.
