An information broker or data broker collects information about individuals from public records and private sources, including census and change of address records, motor vehicle and driving records, user-contributed material to social networking sites, media and court reports, voter registration lists, consumer purchase histories, most-wanted lists and terrorist watch lists, bank card transaction records, health care authorities, and Web browsing histories.
The data are aggregated to create individual profiles, often made up of thousands of individual pieces of information, such as a person’s age, race, gender, height, weight, marital status, religious affiliation, political affiliation, occupation, household income, net worth, home ownership status, investment habits, product preferences and health-related interests. Brokers then sell the profiles to other organizations that use them mainly to target advertising and marketing towards specific groups, to verify a person’s identity including for purposes of fraud detection, and to sell to individuals and organizations so they can research people for various reasons. Data brokers also often sell the profiles to government agencies, such as the FBI, thus allowing law enforcement agencies to circumvent laws that protect privacy.
Beginning in the late twentieth century, technological developments such as the development of the Internet, increasing computer processing power and declining costs of data storage made it much easier for companies to collect, analyze, store and transfer large amounts of data about individual people. This gave rise to the information broker or data broker industry.
Individuals generally cannot find out what data a broker holds on them, how a broker got it, or how it is used. Some data brokers retain all information indefinitely.
Files on individuals are generally sold in lists; examples cited in testimony to the U.S. Congress include lists of rape victims, seniors with dementia, financially vulnerable people, people with HIV, and police officers (by home address). Less controversial are lists of rich people, doctors, or parents.
There are probably between 3500 and 4000 data broker companies, and about a third may provide opt-outs, with some charging over a thousand dollars for them.
Data brokers collect information concerning myriad topics, ranging from the daily communications of an individual to more specialized data such as product registrations.
Brokers and datasets
Data brokers in the United States include Acxiom, Experian, Epsilon, CoreLogic, Datalogix, Intelius, PeekYou, Exactis, and Recorded Future. Acxiom claims to have files on 10% of the world’s population, with about 1500 pieces of information per consumer (quoted in Senate.gov). In 2017, Cambridge Analytica claimed that it has psychological profiles of 220 million United States citizens, based on 5,000 separate data sets (another 2017 claim is 230 million Americans).
Credit scores were first used in the 1950s, but did not become widely known or specifically regulated until the 1990s.
In 1977 Kelly Warnken published the first fee-based information directory, which continues to be published and has expanded to cover international concerns.
A United States Senate Committee in 2013 published A Review of the Data Broker Industry: Collection, Use, and Sale of Consumer Data for Marketing Purposes. It states that “Today, a wide range of companies known as ‘data brokers’ collect and maintain data on hundreds of millions of consumers, which they analyze, package, and sell generally without consumer permission or input.” Their main findings were that:
- Data brokers collect a huge volume of detailed information on hundreds of millions of consumers.
- Data brokers sell products that identify financially vulnerable consumers.
- Data broker products provide information about consumer offline behavior to tailor online outreach by marketers.
- Data brokers operate behind a veil of secrecy.
The information produced by data brokers has been criticized for enabling discrimination in pricing, services and opportunities. For example, a May 2014 White House report found that web searches that included black-seeming first names such as Jermaine were more likely to result in ads being displayed that include the word “arrest,” compared with web searches including white-seeming first names such as Geoffrey.
An Online Information Broker FAQ is published by Privacy Rights Clearinghouse (PRC), a nonprofit consumer organization in the United States. PRC also maintains a list of information brokers (data brokers, with links to their privacy policies, terms of service, and opt-out provisions.
Data brokers have also faced legal charges for security breaches due to poor data security practices.
Calls for regulation and legislation
A 2007 University of California study, after requesting and analyzing information-sharing practices at 86 companies, found many operating under an opt-out model that it described as inconsistent with consumer expectations, and recommended that the California state legislature require companies to disclose their information-sharing policies using clear, unambiguous language, and consider creating a centralized, user-friendly method for consumers to opt out of information-sharing.
In 2009, the U.S. Federal Trade Commission had recommended the United States Congress develop legislation enabling consumers to see the information that data brokers hold about them, a recommendation it renewed in subsequent reports in 2012 and 2014. In 2013, the U.S. Government Accountability Office also called for Congress to consider legislation.
In October of 2019, California Governor Gavin Newsom signed into action statute AB 1202. This bill “would require data brokers to register with, and provide certain information to, the Attorney General. The bill would define a data broker as a business that knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship, subject to specified exceptions”. This law was created to safeguard against the “cloak of invisibility” (unregistered, unregulated, untracked information broker) that previous data brokers roamed in and is meant to regulate the purchasing of data in commercial third party buyers and tracks the data brokers information trades. While the law is meant to protect privacy of consumers, this law also defines the profession of a Data Broker legislatively and has put registration perimeters around the profession and purchases of critical consumer data.
The Data Accountability and Trust Act contained a number of requirements for auditing and verification of accuracy of data held by information brokers, and additional measures in the case of a security breach. The bill also gave identified individuals the means and opportunity to review and correct the data held that related to them. It passed through the United States House of Representatives in the 111th United States Congress, but failed to pass the United States Senate. It was revived by the 112th United States Congress in 2011 as H.R. 1707., but died after being referred to committee. The bill was first introduced by Rep. Bobby Rush [D-IL1] on Apr 30, 2009, H.R. 2221
In fiction, information brokers usually find data for a story’s main character(s). Fictional information brokers can be of varying importance and have varying methods. For example, a hacker can be an information broker, though they may be simply transferring whatever information they find to the main character(s). Other brokers may have memorized data and tell the main character(s) covertly. Also, a fee is not always involved. The information broker may have an alliance with the main character(s) or be one as well.
Examples of information brokers in contemporary fiction would be Edward G. Robinson’s character Sol in the film Soylent Green; the Shadow Broker in the video game series Mass Effect; Nicholas Wayne, Rachel, Elean Duga, Gustav St. Germain, Carol, and the President of the Daily Days newspaper company in Baccano!; or Izaya Orihara in the light novel series Durarara!!. A few of the characters in Neil Stephenson’s novel Snow Crash find work selling data as “stringers” for the Central Intelligence Corporation. Information broker characters play a prominent role in stories published by DC Comics. The character trope is best exemplified by the superhero Oracle, but the trope is later used with the characters Calculator, Proxy, Chloe Sullivan, and Felicity Smoak as well.
- ^Beckette, Lois (9 November 2012). “Yes, Companies Are Harvesting – and Selling – Your Facebook Profile”. Retrieved 17 August 2014.
- ^ Jump up to:ab c d “Congressional Testimony: What Information Do Data Brokers Have on Consumers?”.
- ^ Jump up to:ab c “DATA BROKERS: A Call for Transparency and Accountability” (PDF). Federal Trade Commission. Government of the United States. May 2014. Retrieved 13 August 2014.
- ^Etzioni, Amitai (2016). “Reining in Private Agents”. Minnesota Law Review. 101: 279–331. SSRN 2869439.
- ^ Jump up to:ab “Big data: seizing opportunities, preserving values”(PDF). Executive Office of the President. Archived from the original (PDF) on 2014-06-10. Retrieved Aug 17, 2014.
- ^“Online Information Broker FAQ”. Privacy Rights Clearinghouse. privacyrights.org. October 4, 2010. Retrieved May 6, 2014.
- ^ Jump up to:ab c d ehttp://educationnewyork.com/files/rockefeller_databroker.pdf
- ^Kitchin, Rob (2014). The Data Revolution. Sage Publications Ltd. (UK).
- ^Singer, Natasha (16 June 2012). “Acxiom, the Quiet Giant of Consumer Database Marketing”. Retrieved 22 March2019 – via NYTimes.com.
- ^Govind Krishnan V. (3 June 2017). “Aadhaar in the hand of spies Big Data, global surveillance state and the identity project”. Fountain Ink Magazine. Archived from the original on 26 August 2017. Retrieved 27 August 2017.
- ^Cadwalladr, Carole (18 March 2018). “‘I made Steve Bannon’s psychological warfare tool’: meet the data war whistleblower”. Retrieved 22 March 2019 – via www.theguardian.com.
- ^“Online Information Broker FAQ”.
- ^“- Privacy Rights Clearinghouse”.
- ^“Agency Announces Settlement of Separate Actions Against Retailer TJX, and Data Brokers Reed Elsevier and Seisint for Failing to Provide Adequate Security for Consumers Data”.
- ^Hoofnagle, and Jennifer King, Chris Jay (17 December 2007). “Consumer Information Sharing: Where the Sun Still Don’t Shine”. (working paper). SSRN 1137990.
- ^“TC Recommends Congress Require the Data Broker Industry to be More Transparent and Give Consumers Greater Control Over Their Personal Information”. Federal Trade Commission. Retrieved 31 May 2014.
- ^“Assembly Bill No. 1202”. 2019.
- ^Lazarus, David (5 November 2019). “Column: Shadowy data brokers make the most of their invisibility cloak”.
- ^Data Accountability and Trust Act (2011; 112th Congress H.R. 1707). GovTrack.us. Retrieved on 2013-11-12.
- ^“Data Accountability and Trust Act (2009; 111th Congress H.R. 2221)”. govtrack.us. Retrieved November 12, 2013.