There has been a good deal of controversy about how personal data has been collected, sold, and used over the past few years. Companies of all types package and sell data to create a valuable extra revenue stream for their business, and while this should be thought of as a side effect of all the data that is created by people, it can also create some pretty difficult situations to try and navigate. Today, we’ll take a look at the data-broker loophole, how it works, and what can be done about it.
What is the Data-Broker Loophole?
The data-broker loophole is a gap in privacy regulations that permits third-party companies, called data brokers, to collect, purchase, and sell personal information without explicit permission from individuals. These companies acquire data from a wide range of sources, both public and private, such as social media platforms, websites, apps, public records, and other entities that handle personal information. Let’s quickly discuss four aspects of the data-broker loophole you need to understand.
Lack of Direct Consent
Unlike platforms or services that directly interact with users (such as social media platforms or e-commerce sites), data brokers do not always need to obtain explicit consent to gather or sell data. This is because they collect data from third-party sources or through partnerships.
No or Minimal Regulation
In many places, privacy regulations (like the GDPR in Europe or CCPA in California) focus on companies that directly collect data from consumers. However, data brokers often fall outside the scope of these laws, especially if they obtain data indirectly. This makes it difficult for users to know which companies hold their data or how it's being used.
Aggregated Data Profiles
Data brokers compile detailed profiles about individuals, including demographics, habits, interests, health information, and purchasing behavior. These profiles are sold to advertisers, insurance companies, political campaigns, and more. The data is typically anonymized, but the extent of aggregation can still allow for individuals to be identified.
Hard to Opt-Out
Opting out of data collection by data brokers can be complex and time-consuming. Even when an individual manages to remove their information from one broker, it may already have been shared or sold to others, making the removal effort less effective.
Why Does This Create a Problem for Users?
There are plenty of ways that personal data that you deliberately shared with one company and was subsequently sold to another, can be problematic for users. Let’s take a look at a couple problems the data-broker loophole can create:
Privacy Risks
The collection and sale of data without explicit consent pose risks to individual privacy. Detailed profiles can be used for targeted advertising, political influence, or even potential discrimination. There have been anecdotes from people that have had their civil rights impeded upon by law enforcement agencies willing to pay for information to get around individual fourth amendment rights.
Security Risks
If data brokers' databases are hacked, a significant amount of personal information could be exposed. Unfortunately, this has happened many times, with data brokers being hacked and information such as Social Security numbers, names, addresses, contact information, and more being exposed and published on the dark web or used to take advantage of individuals.
Lack of Transparency
Most consumers are unaware of the existence of data brokers, the extent of data collection, and how their information is used. This is a problem for the average consumer, because they don’t actually understand how the whole system works and how it could negatively affect them in the future.
Doing what you can to control how your data is shared is more important today with so many organizations in search of it. If you would like to learn more about ways your organization can help your employees better control their data, give us a call today at (760) 466-1200.
Comments