Companies called data brokers have long operated on the Internet, collecting unprecedented amounts of personal information about billions of people around the world, but few people realize the true scale of their activities. And not everyone knows that in some cases you can request the removal of this information.
Image source: Claudio Schwarz / unsplash.com
Today, every human action on the Internet is carefully collected, packaged and sold for profit: every click, purchase and every “like”. Aggregated personal information in these conditions turns out to be a valuable commodity, as the global data broker industry proves. And with the development of artificial intelligence tools, there is a risk that the volume of information extracted will grow even more, and the world of data brokers, already opaque, will become even more aggressive. This heightens concerns about data privacy.
67% of Americans say they have little or no understanding of what companies do with their personal data, according to a 2023 Pew Research study, up from 59% in 2019. And a majority (73%) of Americans believe they have “little or no control” over what companies do with their information. People don’t realize that even their phone number can be used by data brokers or unscrupulous individuals to reveal highly sensitive information: social security number, home address, email and even family information. Large players in this industry sell information responsibly, but small and unknown ones can bend the rules, cross ethical boundaries and use citizens’ personal data in ways that may cause them harm.
Among the largest players, according to profile service OneRep, are Experian, Equifax, TransUnion, LexisNexis, Epsilon (formerly Acxiom) and CoreLogic, as well as people search services Spokeo and Intelius. These companies operate in multiple industries, processing both public information and proprietary, sensitive data. They offer a variety of services—marketing analytics, credit assessments, and background checks—and they have procedures for requesting the data they collect about you or requesting its deletion. However, the company may respond differently to requests from different countries and even US states.
Image source: Pawel Czerwinski / unsplash.com
Below are the types of information that data brokers typically collect, according to privacy experts interviewed by CNBC.
- Basic identifiers: full name, home address, telephone number and email address.
- Financial data: credit scores and payment history.
- Purchase history: what the consumer searches for on the Internet, what he buys and where, and how often he buys certain products.
- Health data: medications, diseases, and consumer interactions with health-related apps or websites.
- Behavioral data: information about what a person likes, doesn’t like, and what types of advertising they are likely to watch.
- Real-time location data: Satellite location data from apps that track a consumer’s travel, where they shop, and how often they visit certain places.
- Predicted Characteristics: Based on a person’s viewing and media consumption history—websites visited, articles read, videos watched—data brokers create summaries about a person’s lifestyle, income, preferences, religious or political beliefs, hobbies, and even the likelihood of giving to a charity.
- Relationships with family, friends and colleagues: By analyzing connections with friends, social networks and instant messengers, data brokers can map an individual’s relationships and even track how often they interact with certain individuals to assess the depth of those connections.
Data brokers continue to operate with little oversight because their work is not regulated everywhere: there is the General Data Protection Regulation (GDPR) in the EU and some regulations in twenty American states, but even there there is no confidence that these companies are operating properly. To begin meaningful efforts to protect privacy, society needs to understand how much personal information is transmitted every day, experts say. A modern person can no longer hide completely, but he can develop new habits and master new means that will limit the disclosure of data. For example, some mobile applications should limit access to geolocation; in some cases, it is better to refuse to save cookies and refrain from publishing personal data on the Internet. Using secure browsers and tracker blockers will help.
US consumers have the opportunity to opt out of having their personal information shared with some data brokers, or to request that it be deleted, with some requests being processed in as little as one business day. But this procedure sometimes turns out to be deliberately complicated, experts point out, and previously deleted personal data may again appear in the same database, but from other sources. There are also services, mostly paid, that take care of composing and sending requests to delete data from different operators. Those who decide to act independently are advised to search for their personal information through Google and contact the administrations of the sites where this information may be found. Or search the resources of the data brokers themselves – they may also have a deletion request form. In some cases, it may be necessary to resolve the issue in court.
The outlook for the data brokerage industry includes both positive and negative aspects. On the one hand, the development of AI can significantly simplify the work of these companies. On the other hand, blockchain, privacy-enhancing technologies, and the development of the legislative framework can provide protection against them. But until the relevant regulations are adopted, data brokers will continue to collect the maximum possible amount of information – for them this is a source of income, and the more information about each person is collected, the more accurate it is, and therefore more expensive.