It’s an experience we’ve all had before: telemarketers calling during dinner or mailers show up from the postman, targeting us for products that we don’t need or want.
Imagine a member of the military returning home from overseas and getting a mailer in their name with personal details from a company they’ve never heard of or done business with. Or a woman who just found out she’s pregnant immediately getting ads for diapers and onesies before having the chance to tell family or friends. Or receiving solicitation calls about signing up for new credit cards or taking on a car loan when you get a new job. It feels intrusive.
Those ads, which have your real name, address, and phone number, aren’t a coincidence. Data brokers that consumers have no relationship with create custom profiles of individuals and sell them to anybody willing to pay for it.
You don’t have to take my word for it. A brochure posted by Oracle, one of the largest commercial data brokers, advertised a wide range of custom-targeted audiences. Some were generic, but some were deeply personal, reflecting traits that many consumers probably don’t know are tracked and don’t want anyone to track; “very low buying power,” “cold & flu sufferers,” and even “Military PTSD.” These audiences are not anonymized data -- they contain real names, real addresses, and real personally-identifiable information about Americans, available to the highest bidder.
You might be surprised to learn all of this, which is exactly why we need a comprehensive federal privacy law that protects consumers, provides meaningful transparency, and gives consumers control over how their data is collected, used, and shared. For any privacy law to be truly comprehensive and meaningful for consumers, we must pass legislation that covers businesses across all industries that collect and use data, whether they’re online or offline companies. This must include offline credit reporting agencies and data brokers like Oracle, Equifax, Acxiom, and Experian.
Most Americans are largely unaware - and would be very troubled to know - that these massive companies are assembling profiles of them from thousands of different sources and selling it to advertisers. While individuals expect a social media company to know about the information on their profiles, they likely have no idea that Experian, Oracle, or many other massive data brokers have their address, phone number, and a dossier of their probable medical ailments -- again, tied directly to their name.
Data brokers have no relationship with the people whose data they collect and sell. They dig up public records, purchase histories, online browser histories, and anything else they can get their hands on, re-assembling them, packaging them, and selling your personal information.
To be clear, internet platforms need to do a better job protecting privacy too. Improving transparency, control and trust is paramount. New rules are needed for everyone. But the practices of data brokers are hidden and in stark contrast to internet companies that allow users to delete their accounts whenever they want and control their privacy settings with just a few clicks. The same isn’t true of companies in the offline world.
Americans cannot easily delete - or even access - the profile assembled on them by third-party data brokers, and they have extremely limited control over what is collected, reported, or sold about them. In a panel at the Milken Institute, I spoke out about this discrepancy between services that Americans sign up for and the anonymous brokers who fly under the radar, collecting your data without your knowledge.
It’s time to bring all parties involved to the table to discuss comprehensive, federal solutions to protect American’s privacy. Our companies are united in a desire for comprehensive federal privacy laws that protect all Americans.
Americans deserve to have the same expectation of privacy and control over their data no matter where they wander on the web or in the real world. Let’s make it happen.