FTC: Data Brokers Know You Better Than Mom Does - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile // Mobile Business
09:25 AM
Connect Directly

FTC: Data Brokers Know You Better Than Mom Does

Federal Trade Commission report calls for restrictions on data brokers, finds companies gather billions of consumer transactions daily, largely without public knowledge.

IT Salaries: 8 Cold Hard Facts
IT Salaries: 8 Cold Hard Facts
(Click image for larger view and slideshow.)

Companies that silently gather data on consumers should be more transparent about what they do and should give consumers more control over the information they collect, a Federal Trade Commission report said Tuesday.

The report examines the practices of nine data brokers: Acxiom, Corelogic, Datalogix, eBureau, ID Analytics, Intellius, PeekYou, RapLeaf, and Recorded Future. It concludes that the data gathering industry in the US operates without meaningful transparency or public accountability and recommends that Congress consider legislation to address those deficiencies.

"The extent of consumer profiling today means that data brokers often know as much -- or even more -- about us than our family and friends, including our online and in-store purchases, our political and religious affiliations, our income and socioeconomic status, and more," said FTC Chairwoman Edith Ramirez in a statement. "It's time to bring transparency and accountability to bear on this industry on behalf of consumers, many of whom are unaware that data brokers even exist."

The report finds that data brokers have information on almost every US consumer, collect billions of data points every month, and often share this information with other data brokers. The companies collect information about what people buy, their social media activity, product registrations, magazine subscriptions, religious and political affiliations, and a variety of other details. They combine online and offline information to create categorical profiles, some of which might offend those so characterized or might be considered sensitive because they focus on ethnicity, income, education level, or health conditions.

[How much do you trust your gut? Read Big Data Debate: Do Analytics Trump Intuition?]

For example, categories such as "Urban Scramble" and "Mobile Mixers" include a high-concentration of Latinos and African Americans with low incomes. The category "Rural Everlasting" refers to "single men and women over the age of 66 with 'low educational attainment and low net worths.' " Other categories include those believed to be pregnant, those concerned about diabetes, and those concerned about high cholesterol.

The report notes these categorizations could create costs for consumers if, for example, insurance companies elect to use these profiles to evaluate individuals' health or injury risks.

Peggy Hudson, senior VP of government affairs for the Direct Marketing Association, said in an emailed statement that the DMA has long supported transparency and consumer choice through services like DMAchoice, for opting out of mailings, and through cooperation with the Digital Advertising Alliance.

Hudson contends that, despite thousands of pages of documentation and two years of investigation, the FTC report "finds no actual harm to consumers, and only suggests potential misuses that do not occur."

Daniel Castro, director of the Center for Data Innovation, a think data promoting data usage in business that's affiliated with the Information Technology and Innovation Foundation, said in an emailed statement that forcing companies to provide consumers with notice after every transaction would hinder commerce while doing little to promote consumer trust. "The FTC seems to be stuck in a notice-and-choice world while everyone else is trying to move on," he said.

In a follow-up email, Castro elaborated on why he believes notice-and-consent, the traditional privacy paradigm, is no longer relevant. He favors the term "notice-and-choice," perhaps because the absence of "consent" implies a transgression of some sort. The absence of choice merely suggests a more limited menu of options.

"The problem with notice-and-choice is it's disruptive to the free flow of data," said Castro. "For example, if Google had to serve up (in the words of the FTC) a 'prominent notice to consumers' every time somebody clicked 'search,' we wouldn't have things like Google Flu trends."

Castro argues that notice-and-choice worked for the world of paper records, but breaks in the digital world, in terms of online products and services. "You don't see a lot of petitions asking the government 'please require websites to give us more pop-up notices.' Or citizens calling their members of Congress saying they wish their hair stylists and plumbers would be like their doctors and give them a HIPAA-like privacy notice before providing them a service."

Castro, like Hudson, chides the FTC report for its focus on "speculative harms." Yet, such data gathering represents a speculative harm in part because there's so little transparency. How is an individual to know whether he or she has been harmed by a data transaction -- through a higher insurance premium, for example -- if the data broker does not reveal what data was sold and the data buyer does not explain the data's impact on decision making?

Perhaps more to the point, privacy is not measured by the absence of harm. An unknown person standing in your bedroom at night may not do any harm. But you would probably prefer more privacy, even with the assurance that your lurking guest merely wants to see if you're in the market for sleeping pills.

Private clouds are moving rapidly from concept to production. But some fears about expertise and integration still linger. Also in the Private Clouds Step Up issue of InformationWeek: The public cloud and the steam engine have more in common than you might think. (Free registration required.)

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
6/9/2014 | 3:51:50 AM
Let's have a Bronx cheer for the DMA
Asking one of the talking heads from the DMA about protecting consumer privacy is like consulting with a fox as to henhouse security.  It is pointless and a profound waste of time.  OF COURSE the DMA will say that *any* notice to consumers as to how their data is collected/used/bought/sold will "impede" (zod forbid) the flow of data!  The FTC may make a whole lotta noise using trendy buzzwords such as "transparency" but unless and until data collection/sharing become opt in rather than opt out, identity theft/data breach will continue to occur. 
Charlie Babcock
Charlie Babcock,
User Rank: Author
5/28/2014 | 7:01:44 PM
Consumers should be able to choose privacy
Consumers should own their own data, with a right to keep it private. Instead, big Web companies set themselves up allegedly in service to consumers and in reality collecting information that can be monetized from individuals using their services. Choosing how much of your information to make public and how much to keep private is precisely the service that is not available today.
User Rank: Moderator
5/28/2014 | 11:22:30 AM
Nobody Talks About How Flawed the Data Is...
Data Selling is an epidemic in the US, it is like having cash burning a hole in your pocket anymore.  What gets me is how naive everyone is or they just don't want to talk about the accuracy of the data that is requeried and sold.  It's getting worse out there too and banks, companies, data brokers, etc. have the perfect situation as they can roll and make money on as much flawed data as they want and we are the "free" labor to fix it when there are errors...we get are the ones who get screwed. 

Just yesterday I was talking about getting emails now for Dr. Duck, and I'm not a doctor but I have been sold and requeried and attached to meta data from my blog that would allude to that fact so now I get unsolicited emails for Dr. Duck.  Check out the World Privacy Report and they address this pretty well on how it works and the dangers for consumers...


I just can't believe how "stupid" everyone is out there with beleieving what they find and I have another problem with being listed with two aliases they say I have used.  Fact of the matter, I have never used an alias in my life.  It' total garbage for a lot of it.  Stupid employers use it with their junk science and treat such information like it's the gospel.  Quants have been talking about "virtual" worlds and values since 2004 as they know, they build them.  General public sure is bliss with all of this I have to say. 

Look at Google in suspending my Google Plus account for no other reason than the fact that my real name that works everywhere else in the world was not "machine compliant" by the use of their machine learning algorithms.  Did I get an email..nope..machine learning just cut me off and and oh gee if employers were looking at that..there's a "bad" person lurking there as "what did she do" to have Google suspend here..nothing as their dumb algorithm basically said I was a real duck as their machines had not learned enough. 


Last year I received my new car insurance policy.  Well again my car insurance company with their programmed algorithms assumed I was not giving them complete information and added two new secondary drivers to my policy.  Well again I've never had secondary drivers ever on my policy but I did sell a house about 9 months prior to this and guess what, the couple that bought my house 9 months prior were the "new secondary drivers" that my car insurance company added...see what I mean...

FTC is pretty useless as you need an index to find out who ALL the data sellers are as it goes beyond the brokers by all means.  Again we have digital illiterates trying to create policy with no data mechanics logic.  I have been saying this for 3 years and write to the FTC on this topic.  You need an index to regulate a group and we don't have that so until that is done, it all will fail as people just code around verbiage all the time..look at the banks, master of it.  Steve Kroft at 60 Minutes too just scratches his head on this as they put it out there and consumers in oblivion just suck it up. 


Take in some videos from folks smarter than me, Quants that tell you how this works, they have been talking about this issue since 2004...time to learn up.  Subprime could not have happened without it.

User Rank: Ninja
5/28/2014 | 10:51:18 AM
Right to view data and usage
I think one of the biggest issues with the collection and inevitable transmission between companies as it relates to personal data is that the public has no option to review the data for accuracy.  As more companies start to pull data from these brokers, especially in the medical industry, it will have significant impact on how customers are profiled.  For example, if a customer of an insurance company is suddenly profiled as having a life-threatening disease, regardless if it has been diagnosed or not, it might significantly alter their premiums.  What control would a customer then have to argue that the data was taken out of context and does not apply to them?  Prior, it was the actual medical offices which would deal with the transmission of information between the insurance provider and healthcare provider, but the risk of data brokers in the future having the ability to provide out-of-context data might impact the rights of the customer themself.
Can Cloud Revolutionize Business and Software Architecture?
Joao-Pierre S. Ruth, Senior Writer,  1/15/2021
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
How CDOs Can Build Insight-Driven Organizations
Jessica Davis, Senior Editor, Enterprise Apps,  1/15/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll