The buying and selling of personal data is now a multibillion-dollar industry that operates largely in the shadows. At the heart of this trade are data brokers – companies that specialize in collecting, packaging and selling detailed information about individuals to marketers, financial institutions, political campaigns and more. But who are these mysterious middlemen and what does their existence mean for consumer privacy in the digital age?
The Evolution of an Industry
While the term "data broker" may seem like a product of the internet era, the concept of companies trafficking in personal information is nothing new. In the 1960s, credit reporting agencies began building databases to help lenders assess the risk of potential borrowers. By the 1970s, list brokers were compiling names, addresses and demographics to sell to direct mail marketers.
However, the rise of digital technology in the 1990s and 2000s supercharged data collection. As people began living more of their lives online – communicating, browsing, buying, searching, sharing – they created detailed digital trails. Social media, smartphones, loyalty cards and e-commerce generated troves of data exhaust ripe for the taking.
Data brokers rushed in to scoop up and monetize all of this personal information on a massive scale. No longer restricted to public records and self-reported surveys, they could now tap virtually unlimited sources of real-time behavioral data. The result was databases of unimaginable depth and granularity.
The Staggering Scale of Data Brokers
Just how much data are we talking about? The numbers are mind-boggling:
Data Broker | Number of Consumer Files |
---|---|
Acxiom | 500 million |
Oracle Data Cloud | 2 billion |
Experian | 918 million |
Equifax | 820 million |
CoreLogic | 795 million property records |
Sources: Wall Street Journal, Forbes
According to a 2014 Federal Trade Commission report, one data broker‘s database covered 1.4 billion consumer transactions and over 700 billion data elements. Another broker added more than 3 billion new records each month to its databases. In total, the data broker industry generates $200 billion in revenue annually.
And it‘s not just the volume of information but also the breadth and intimacy of the data points collected. According to the FTC, data brokers gather and sell information on nearly every U.S. consumer, segmented into categories such as:
- Retail purchasing behavior
- Ailment history and prescriptions
- Clothing size and style
- Charitable donations
- Gambling tendencies
- Presence of children in household
- Propensity to seek payday loans
- Religious affiliation
- Social media influence
- Adult content preferences
It‘s an alarmingly revealing portrait of our private lives, packaged and put up for sale without our knowledge.
The Harms of Rampant Data Collection
This ubiquitous data harvesting and distribution raises serious concerns about consumer privacy, consent and discrimination. A few disturbing real-world examples illustrate the potential for abuse:
In 2013, a stalker murdered a woman after obtaining her address from a people search site. The broker had not verified that the man had a legitimate purpose for seeking the information.
A 2018 study by Princeton researchers found that web tracking code on 482 of the top 50,000 websites was invisibly collecting usernames and passwords without consent as users typed them into forms. This data could enable account hijacking across different services.
Location data broker Reveal Mobile publicly claimed to be able to track people to places of worship for ad targeting. Muslim advocacy groups called it "appalling" and an enabler for Islamophobia.
A 2015 analysis by the nonprofit organization Data & Society showed that data brokers frequently grouped consumers into categories that could lead to predatory marketing, differential pricing, and discriminatory treatment. Segments included "Rural and Barely Making It," "Tough Start: Young Single Parents," and "Credit Crunched: City Families."
Journalist Kashmir Hill attempted to opt out of 25 of the most prominent data brokers and found it to be a confusing, time-consuming "sisyphean nightmare." Most people do not have the hours required to complete removal requests with each individual company.
These incidents reveal the unsettling truth that data brokers have the power to expose, manipulate and harm individuals on a grand scale. Yet the full extent of the risks remains largely unknown to the average consumer.
Surveillance Capitalism and the Privacy Paradox
At a macro level, data brokers are key players in what Harvard professor Shoshana Zuboff has dubbed "surveillance capitalism." In this system, personal data is the raw material that is extracted, commodified and monetized by companies as a core business model.
"Digital connection is now a means to others‘ commercial ends," Zuboff writes in her book The Age of Surveillance Capitalism. "At its core, surveillance capitalism is parasitic and self-referential. It revives Karl Marx‘s old image of capitalism as a vampire that feeds on labor, but with an unexpected turn. Instead of labor, surveillance capitalism feeds on every aspect of every human‘s experience."
Indeed, data brokers thrive on an asymmetric relationship where they know everything about us, but we know very little about them. Most people are unaware of the extent of the data collection, confused about how to stop it, but still resigned to handing over personal information in order to access free services and platforms. Experts have labeled this conundrum the "privacy paradox."
"Despite their concern about privacy, people do not actively take steps to protect themselves, a discrepancy referred to as the privacy paradox," explains a paper in Frontiers in Psychology. "The privacy paradox is arguably rooted in psychological biases and heuristics that hamper optimal privacy decision-making, including information and knowledge deficits, as well as uncertainty, contexts, and emotions."
Data brokers exploit this misalignment of attitudes and behaviors, leveraging our complacency and digital dependence to keep the data flowing. It‘s like boiling a frog slowly – each incremental loss of privacy seems tolerable until we find ourselves trapped in an inescapable state of surveillance.
The Technology Behind the Trade
So how exactly are data brokers able to gather such vast quantities of information on virtually every person? They employ a dizzying array of tracking technologies and collection methods, constantly evolving to adapt to our changing digital habits.
One of the most pervasive tools is the cookie – small text files stored on your device by websites to remember logins, preferences and browsing activity. Third-party cookies allow companies to track you across multiple sites to build a detailed profile over time.
Other common trackers include:
- Pixel tags – tiny, invisible images embedded in web pages and emails that record when and where you viewed them
- Browser and device fingerprinting – a technique that stitches together small configuration details about your computer or phone to identify you
- Mobile location trackers – code in apps that logs your real-time GPS coordinates and path throughout the day
- Cross-device tracking – methods to link all of your digital footprints across smartphones, laptops, tablets, wearables and internet-connected TVs
On the back end, data brokers leverage massive cloud storage systems, parallel processing and machine learning to sift through billions of data points in real time. Predictive modeling and behavioral analysis generate assumptions about your lifestyle, habits and the products you‘re most likely to buy.
"The holy grail of data brokers is creating ‘master profiles‘ of each individual," says Pam Dixon, executive director of the World Privacy Forum. "That‘s a profile that has so much information about you that it‘s almost like creating a digital clone."
Watching the Watchers
So if data brokers are vacuuming up our information on an unfathomable scale, surely there are laws and regulators making sure they do so responsibly, right?
Not exactly. The data broker industry is largely unregulated in the United States, operating in a virtual Wild West of lax oversight and minimal consumer protections. While there are a few narrow sector-specific privacy laws (HIPAA for healthcare data, GLBA for financial records, FERPA for educational information), there is no overarching federal statute that regulates the collection and sale of most personal data.
The Federal Trade Commission, the closest thing to a privacy watchdog in the U.S., has called on data brokers to improve transparency and give consumers more control over their information. But the agency‘s recommendations are strictly voluntary and unenforceable. Brokers are not legally required to let you access your data, correct mistakes or delete it.
A few recent developments have sparked hope for a tidal shift:
In 2018, Vermont became the first state to pass a data broker registry law. Companies that buy and sell personal data must now disclose their activities to the state and allow residents to opt out.
The California Consumer Privacy Act (CCPA), which went into effect in 2020, gives Californians the right to know what personal information is being collected about them, request that it be deleted and opt-out of its sale to third parties. However, the law is still riddled with loopholes and only applies to California residents.
The European Union‘s General Data Protection Regulation (GDPR) is currently the gold standard for comprehensive privacy legislation. It requires companies to get explicit consent before collecting personal data, allows individuals to access and delete their information, and imposes hefty fines for noncompliance. But again, it only covers EU citizens.
By contrast, congressional efforts to pass a U.S. federal privacy law have repeatedly stalled and stagnated. The latest attempt, the American Data Privacy and Protection Act (ADPPA), faces an uncertain future as competing interests haggle over the details.
A Murky Path Forward
The unregulated data broker industry poses a daunting challenge to individual privacy rights. But there are steps we can take to rein in the reckless data trade and give consumers more control:
-
Push for comprehensive federal privacy legislation in the U.S. that includes data broker provisions, such as mandatory registration, consent requirements, user access rights and strict penalties. Laws like the GDPR and CCPA provide a roadmap.
-
Demand radical transparency from data brokers. They should be required to disclose exactly what data they collect, where it comes from, who buys it and how it‘s used. Summaries should be available in plain language, not buried in a verbose privacy policy.
-
Simplify the opt-out process with one-stop shops. Instead of placing the burden on consumers to contact dozens of different brokers, create a centralized registry where people can easily see all the companies trafficking in their data and request removal.
-
Restrict data brokers from collecting and selling certain sensitive categories of information, such as health conditions, sexual orientation, religion and political beliefs. Prohibit using data to enable stalking, discrimination or predatory targeting of vulnerable groups.
-
Educate the public about the extent of data collection and empower them to take back their privacy. This requires a massive awareness campaign and digital literacy initiatives to help people understand arcane concepts like cookies, fingerprinting and location tracking.
-
Build alternative models and services that don‘t rely on surveillance advertising and data exploitation. Support companies developing contextual ad networks, data co-ops, paid subscriptions and privacy-preserving analytics.
Conclusion
Data brokers have weaponized personal information, turning our digital exhaust into a tradable commodity without our knowledge or meaningful consent. The current system is an ethical and privacy nightmare, giving a handful of companies an unprecedented window into our most intimate moments and behaviors.
Left unchecked, data brokers and their algorithm-driven surveillance machines pose an existential threat to human autonomy, dignity and free will. Their insatiable hunger for data is eroding the very notion of having a private life, an inner self shielded from the prying eyes of commercial interests.
Yet data brokers are not an unstoppable evil. With robust regulation, radical transparency and a massive public awareness campaign, we can curb their worst excesses and carve out a digital future that puts privacy and user rights first.
As we hurtle towards an era of ubiquitous sensors, smart cities and artificial intelligence, now is the time to confront the data broker leviathan and reclaim our right to self-determination. The privacy of billions depends on it.