Yesterday, the U.S. Senate Committee on Commerce, Science, and Transportation held a hearing entitled, “What Information Do Data Brokers Have on Consumers, and How Do They Use It?”   Committee members expressed interest in bringing about greater transparency to what information is collected by data brokers and how it is used at the hearing, which consisted of a single panel of witnesses from the FTC’s Bureau of Consumer Protection, the World Privacy Forum, Experian, and the Direct Marketing Association.

In advance of the hearing, Chairman John D. Rockefeller IV (D-WV) released a majority staff report summarizing the Commerce Committee’s investigation into how data brokers collect, compile, and sell consumer information.  The staff report notes that data brokers serve a beneficial function in enabling companies to provide customers with products and services specific to their interests and needs, but that certain data brokers “operate with minimal transparency” and that consumer profiling can raise “unintended privacy issues.”  For this proposition, the staff report cited media reports that a major retailer had developed a pregnancy prediction model to enable the company to target marketing towards expectant mothers. 

According to the Committee’s staff report, a perceived lack of transparency may present further concerns when data broker information “end[s] up in the hands of predatory businesses seeking to identify vulnerable consumers, or when marketers use consumers’ data to engage in differential pricing.”

Senate Commerce Committee members generally echoed these concerns at yesterday’s hearing.  For example:

  • Chairman Rockefeller raised questions about data broker segmentation practices, including the extent to which information collected by data brokers may be used to categorize consumers and market to them on the basis of those categories.  Chairman Rockefeller also asked questions about whether data brokers collect — and for what purpose — sensitive personal data, such as medical conditions, weight, race, nationality, military status, and information about financial status.
  • Senator Richard Blumenthal (D-CT) expressed concern about whether data broker products enable companies to set prices based on a consumer’s estimated willingness to pay.
  • Senator Edward Markey (D-MA) raised questions about whether compilations of information that may fall outside of the scope of the Fair Credit Reporting Act (“FCRA”) can nonetheless be used to make important decisions about consumers.
  • Senator John Thune (R-SD) focused on balancing individual privacy concerns with the information needs of businesses and inquired about the long-lasting effects of inaccurate information and ways to allow consumers to correct data.

Nearly every member asked witness Jessica Rich, Director of the FTC’s Bureau of Consumer Protection, about the FTC’s role in regulating data broker practices.  Ms. Rich noted various enforcement actions that the FTC has taken against data-broker companies, recommendations relating to data brokers set forth in the FTC’s March 2012 Report, and additional educational initiatives, although she underscored that the FTC has limited enforcement tools with respect to data brokers that are not subject to the FCRA.  Both Ms. Rich and the Committee’s staff report flagged the importance of ensuring that data brokers put in place appropriate protections to safeguard against data security incidents.  Of the members of the Committee, Senator Claire McCaskill (D-MO) was especially focused on data security issues as they pertain to customer vetting procedures.

Last month, at the request of Chairman Rockefeller, the General Accounting Office (GAO) issued its long-awaited report on data brokers, “INFORMATION RESELLERS: Consumer Privacy Framework Needs to Reflect Changes in Technology and the Marketplace.”  The Commerce Committee’s staff report notes that the GAO concluded that current law does not provide consumers any statutory right to know what information data brokers have compiled about them for marketing purposes, or even which data brokers hold any such information.  In her testimony, Ms. Rich also noted the lack of statutorily required transparency.