Photo by JohnsonGoh
The Quiet Spread of Data Brokers Selling Your Personal Information
You’re likely aware that companies like Facebook and Google base their business models on accumulating, analyzing, and selling access to data about you and everyone else in the world. But at least you probably have some sort of a relationship with Facebook and Google. What you may not have realized is just how many companies out there are trading in data about you even though you have no connection with them at all. To these firms, you’re nothing more than bits to be fed into the machine.
Over at Fast Company, Steven Melendez and Alex Pasternack have taken advantage of a new Vermont law that requires data brokers to register with the state to compile a list of 121 of these shadowy companies and explain what they do and how (in theory, anyway) you can extract yourself from their databases. The task is so overwhelming that it’s no surprise most people don’t bother, despite the vast majority of Americans believing that they’ve lost control over how personal information is collected and used. (That linked Pew Research Center data is from late 2014; we suspect people have even lower opinions of companies trading in data now.)
Overwhelming. There ought to be a law… oh wait. Now all I have to do is contact 121 different companies and ask them politely to stop trafficking my data. It appears that this train has left the station and we didn’t even know there was a train!
There should be a law, in my opinion, based upon the GDPR example in the EU. I know there have been criticisms of the GDPR’s over-reach, but I wish America took the data privacy of its citizens as seriously.
Interesting that neither Google or Facebook complied with the law!
Facebook and Google aren’t covered by this law:
Yeah, there are a lot more data brokers in existence who are excluded by the Vermont law’s first-party exclusion clause, even though several of the firms traffic in more 3rd party data than 1st party data. The law should be amended to include any firm that buys and sells personal data, no matter how it is acquired.
Then I agree with Seth! The law should be amended to cover anyone that traffics in personal data.
Great article! Thanks, TidBITS team, for linking to it and maintaining awareness when it comes to all these digital privacy issues. It appears we need it more than ever.
I totally agree. But here in the US all we seem to have is a few states that passed conflicting regulations that nobody seems to pay attention to. What we need is one federal, GDPR-like law to rule them all, including consent, security, privacy, and the right to be forgotten.
But we learned last week that Facebook is in possession of data from non-members (and sells it to others), so surely the Vermont law would apply to them.
Good point Al…
I do think in time the US will implement a GDPR approach to personal data. I can only hope the implementation and the EU’s implementation match or work together… so sites only have to do it once and that’s it for both territories and legal remedies can be quickly implemented.
Here in Europe it’s been interesting, people have adapted very quickly. I no longer have access to all the information the College retains about my students. To be honest, I was irritated initially but now it seems completely appropriate, the alternative absurd.
Seems the Feds are interested now.
California is pressing ahead