Last Friday, the Federal Communications Commission (“FCC”) rejected a petition from consumer advocates asking the FCC to extend its Open Internet Order by requiring edge providers such as Facebook and Amazon to follow the privacy regulations of Section 222 and to require those edge providers to honor “Do Not Track” requests from consumers. The FCC
The International Association of Privacy Professionals hosted its annual Privacy Academy, at which one panel, “Data Brokers Demystified,” specifically focused on regulation of the data-broker industry. The panelists included Janis Kestenbaum from the Federal Trade Commission, Jennifer Glasgow from Acxiom, and Pam Dixon from the World Privacy Forum. Emilio Cividanes from Venable also participated.
Major Conclusions of the FTC Report (Janis Kestenbaum)
- Data brokers operate with a fundamental lack of transparency. They engage in extensive collection of information about nearly every US consumer, profiles of which are composed of billions of data elements.
- Much data collection occurs without consumer awareness and uses a wide variety of online and offline sources, such as social networks, blogs, individual purchases and transactions with retailers, state and federal governments, events requiring registration, and magazine subscriptions.
- The practice of “onboarding”–where offline data is onboarded onto an online cookie and is used to market to consumers online–is increasingly common.
- Some data collected is sensitive, but even non-sensitive data is sometimes used to make “sensitive inferences” about (for example) health status, income, education, ethnicity, religion, and political ideology. Consumers are often segmented into “clusters” based on these inferred characteristics.
- For regulators, some of these clusters are concerning. For example, one cluster is entitled “Urban Scramble” and contains high concentrations of low-income ethnic minorities.
- Congress should create a centralized portal where consumers can go online and access individual data brokers’ websites to opt out and access and correct their information. For consumer-facing entities, like retailers, consumers must be given some kind of choice before data is sold to a data broker, and when that data is sensitive, the choice should be in the form of an opt in.
Continue Reading IAPP Privacy Academy: “Data Brokers Demystified”