FTC Seeks More Control Over Data Brokers3 Jun, 2014 By: Linda A. Goldstein
Consumer privacy and data security continues to be a top priority for the Federal Trade Commission (FTC). Now the Commission has expanded its efforts from enforcement to regulation by encouraging Congress to enact legislation designed to make data broker practices more visible to consumers and to give consumers more control over the amount of their personal information that is being collected and shared by data brokers. As Big Data continues to emerge as the primary currency on the Internet, these recommendations – if adopted – could create a sea change in the marketplace.
Last week, the FTC issued a report entitled, “Data Brokers: A Call for Transparency and Accountability,” which is the result of a study conducted by the FTC on nine data brokers that supposedly represented a cross section of the industry. The brokers in the study included Acxiom, Datalogix and Intelius among others.
At the heart of the report is the FTC’s conclusion about just how massive the amount of data being collected and shared is. For example, the report found that just one of the data brokers studied has information on 1.4 billion consumer transactions and 700 billion data elements – and adds more than 3 billion new data points to its database each month. The report contains a detailed analysis of how data brokers collect information, how data brokers share the information, how the data is analyzed, how it is used for marketing and how it is stored. Among the report’s key conclusions are:
- Data brokers collect information from a vast array of online and offline sources, mostly without the consumer’s knowledge. The data includes massive amounts of detail about consumers’ everyday lives, including their purchases, their social media activity, their religious and political affiliations, warranty information and magazine subscriptions.
- The personal information is widely shared among the data brokers, again without consumer knowledge.
- Data brokers routinely combine online and offline data to market to consumers – thus, even if privacy policies are provided with respect to the collection of online data, consumers are not always aware of how that information is being combined with other data to provide the data broker with more information about the consumer.
- In many cases, the data is combined and analyzed by data brokers in a manner that allows them to make inferences about the consumer in sensitive areas such as ethnicity, income, religion, political preferences and health conditions.
- The data is not only being used for marketing purposes but is also being used in ways that a consumer may not reasonably anticipate. For example, the FTC noted that data on persons characterized as “biker enthusiasts” may not only be used to offer discounts on products targeted to that group but could be provided to an insurance company as a potential lead for high-risk insurance.
- Some brokers store the data indefinitely. The FTC has long taken the position in data breach cases that data should be readily disposed of when it is no longer needed.
In order to address these issues, the FTC recommended that Congress pass legislation that would provide consumers with greater insight into and control over the use of their information by data brokers. For data brokers that provide marketing products, the FTC recommended the following:
- A centralized portal where data brokers can identify themselves, describe their collection practices and provide opt-outs. The FTC would also require that all data brokers provide an opt-out tool.
- Require data brokers to give consumers access to their data, to disclose the names and categories of their data sources, and describe how they use the information, including any inferences drawn from the data collected.
- Require consumer-facing entities, like retailers who share information with data brokers to provide notice to the consumers with the ability to opt out. For sensitive information, opt-in would be required.
The report contains similar types of recommendations for brokers that provide risk-mitigation products and people searching products as well all designed to ensure that consumers understand in great detail what information is being collected and how it is being used and shared, as well as granting access to and the ability to opt-out of the sharing of such information.
Privacy and data security have long been a political football within Congress and despite many efforts by others, no broad based legislation has passed. Marketers will, however, need to keep a close eye on this issue, as the potential impact on marketers could be substantial.
Linda Goldstein is chair of the Advertising, Marketing and Media division of Manatt Phelps & Phillips LLP, based in the firm’s New York office. She can be reached at firstname.lastname@example.org.