Methods for preventing data brokers from selling your personal information
Conversations about data privacy and security often center on how major tech companies such as Google and Facebook handle user data.
However, less attention is given to a specific type of enterprise known as data brokers, whose primary business is gathering personal information in order to sell it for profit.
It is important to understand who these data brokers are, how they acquire your data, what they do with it, and the available options for opting out.
What are data brokers?
Data brokers are companies that specialize in selling personal information about individuals. These companies gather data from various sources to create a comprehensive profile of individuals, which they then sell to interested parties. The data brokering industry is a lucrative one, estimated to be worth around $200 billion annually, with approximately 4,000 data brokering companies worldwide. Some notable data brokers include Experian, Equifax, Acxiom, and Epsilon.
One major criticism of the data brokerage industry is its lack of transparency. Data brokers have little incentive to engage with the individuals whose data they collect, analyze, share, and profit from. This lack of direct interaction means that most people are unaware that their data is being collected. While individuals often agree to online privacy policies and terms of use without much thought, the extent of the data being consented to and the cumulative impact across numerous websites is not always clear.
The terms “information broker” and “data broker” are sometimes used interchangeably, as they refer to the same concept. Because data brokers have no direct relationship with the individuals whose data they handle, the data collection process can often go unnoticed by those being profiled.
How do data brokers collect information?
Data brokers employ various methods to obtain information about individuals, both online and offline, in order to create comprehensive consumer profiles:
- Web Browsing History: Whenever you use search engines, social media apps, or online quizzes, enter competitions, or visit different websites, you leave behind a digital trail. Data brokers leverage this information to construct a detailed understanding of your identity. Most websites employ web tracking tools that collect data about your online activities. Data brokers also use web scraping, in which software or a script extracts data from websites, to gather this information.
- Public Sources: Data brokers access publicly available records such as birth certificates, marriage licenses, divorce records, voter registration data, court records, bankruptcy records, motor vehicle information, and census data.
- Commercial Sources: Data brokers track your purchase history, including details about what you bought, when you made the purchase, the amount spent, and whether you used a coupon or loyalty card.
- Your Consent: By signing up for loyalty programs or similar initiatives offered by stores, you may have unintentionally granted consent for your data to be shared (unless you carefully read the terms and conditions).
These methods enable data brokers to compile extensive profiles on individuals, combining various sources of information to gain a comprehensive understanding of their lives.
What kind of information do data brokers collect?
Data brokers utilize these diverse sources to gather an extensive array of information about individuals. The data collected includes:
- Personal Identifiers: Name, both current and past addresses, date of birth, gender, marital status, and family status (including the number and ages of children).
- Sensitive Identifiers: Social Security number, which is highly confidential and poses security risks if exposed.
- Educational and Occupational Details: Levels of education attained and current occupation.
- Contact Information: Phone numbers and email addresses.
- Consumer Behavior: Buying patterns, including what items are purchased, when they are bought, and the amounts spent.
- Personal Interests and Hobbies: Information about individual preferences and recreational activities.
- Additional Personal Details: Assets, potentially income levels, some health-related data, political views, and any criminal records.
Data brokers consolidate this information to create user segments, such as “new mothers” or “fitness enthusiasts,” which they sell to other companies for commercial purposes. While certain categories may appear innocuous, concerns arise when data brokers delve into medical or personal circumstances, such as categorizing individuals as “HIV sufferers.”
Despite the vast amount of data collected, data brokers are not always accurate in their assessments. For instance, purchasing baby clothes for a friend or relative could lead the data broker to assume one is a parent, even if they are not. Similarly, buying medications for an elderly family member might be misconstrued as an indicator of one’s own health status. Such inaccuracies highlight the limitations and potential flaws in the data broker’s profiling techniques.
How is your data used?
Data brokers engage in the sale of personal data to various companies for diverse commercial purposes, including:
- Marketing and Advertising: Businesses purchase data from data brokers to customize marketing messages, customer offers, and online advertising tailored specifically to individual consumers. During election campaigns, political parties may also leverage data to target individuals with political messaging.
- Risk Mitigation: Some companies utilize data obtained from data brokers to combat fraud. For example, they may cross-reference the information provided by consumers on loan applications with the data supplied by data brokers to verify its accuracy. Additionally, this information can be used to assess the likelihood of a consumer defaulting on a loan.
- Health Insurance: Health insurance companies may use data about an individual’s health, such as medication purchases and online symptom searches, to determine appropriate insurance rates based on their data profile.
- People Search Sites: Websites like Spokeo, PeekYou, PeopleSmart, Pipl, and others offer people search services, allowing users to search for individuals by name and, usually for a fee, access information like addresses, phone numbers, email addresses, and dates of birth. The data powering these sites is often sourced from data brokers and can be exploited for activities like doxing, social engineering, or identity theft.
Are data brokers legal?
The legal landscape surrounding data brokers and privacy is complex and differs across jurisdictions. While laws regarding data broker activities are not always straightforward, certain general principles must be considered.
In the European Union (EU), the General Data Protection Regulation (GDPR) is a significant data privacy and security law that applies to organizations targeting or collecting consumer data within the EU. The GDPR mandates explicit consent from individuals before their data can be collected. It also grants individuals the right to request the deletion of their stored data. Similar data protection laws exist in other countries, such as the Brazilian LGPD (Lei Geral de Proteção de Dados).
In the United States, the legal landscape is more fragmented, as there is no comprehensive federal law equivalent to the GDPR. Data privacy laws vary from state to state, with certain states showing more interest in regulating data brokerage practices. For example, California’s Consumer Privacy Act empowers consumers to obtain copies of their compiled data from data brokers, request data deletion, and opt out of data sales.
It is worth noting that consent for data collection is often buried in the fine print of websites’ terms and conditions, making it less apparent to individuals how much control they relinquish over their data.
Examples of data broker data breaches
Apart from the ethical and legal concerns surrounding data brokerage, a significant worry involves the potential for data breaches. Data brokers accumulate sensitive information that, if accessed by unauthorized individuals, can have severe consequences for those affected.
Several notable security incidents involving data brokers include:
- Equifax Data Breach (2017): Equifax suffered a data breach that exposed the personal information of approximately 147 million individuals. Following the breach, Equifax reached a settlement with the Federal Trade Commission and 50 states involving compensation of up to $425 million for affected individuals.
- T-Mobile and Experian Data Breach (2015): 15 million records belonging to T-Mobile, but stored on Experian’s servers, were illicitly accessed.
- Epsilon Email Marketing Breach (2011): Epsilon, an email marketing service provider, experienced a hacking incident that exposed millions of individuals’ names and email addresses on its marketing lists. As a result, affected individuals faced spam and targeted phishing attempts.
- Acxiom Data Breach (2003): Acxiom, a data broker, experienced a hacking incident in which over 1.6 billion records, including names, addresses, and email addresses, were stolen and sold to spammers.
These incidents underscore the potential risks associated with data brokerage and highlight the importance of robust security measures to safeguard sensitive personal information.
How to protect yourself from data brokers
Achieving complete exclusion from data broker lists is challenging, but there are steps you can take to minimize your presence and protect your privacy online. One option is to individually contact data broker sites to request the removal of your information, although this can be time-consuming. Alternatively, there are companies that offer paid services to handle this process for you. However, a more proactive approach is to take measures to avoid being listed by data brokers in the first place.
Steps to remove yourself from data collection sites:
- Privacy Rights Clearinghouse: Visit their comprehensive data broker list, which includes links to privacy policies and opt-out instructions for each broker. Repeat this process regularly for it to remain effective. EU residents can refer to a guide on sending GDPR erasure requests and further information on data collection site removal.
- Utilize Brand Yourself: This service scans major data broker databases to identify where your data is present, providing a starting point for removal.
- Create a separate email account: To contact data brokers for opting out, using a secondary email account is recommended to protect your primary account from spam and potential risks.
- File complaints if necessary: If you have concerns about how a company handles your personal data, file a complaint with the relevant government agency in your country, such as the Federal Trade Commission in the US or the Information Commissioner’s Office in the UK.
Paying for privacy services:
Consider companies like PrivacyDuck or DeleteMe, which specialize in preserving your privacy. These services charge a fee for their assistance.
Enhancing online privacy:
- Understand data privacy laws: Familiarize yourself with the legal framework governing data privacy in your country or state to understand your rights.
- Be cautious on social media: Avoid sharing personal information, such as your date of birth, publicly. Make your social media accounts private to limit visibility to friends and family.
- Exercise caution online: Refrain from participating in online quizzes or sweepstakes, as these often collect data about you. Avoid downloading apps from untrustworthy sources and remove unnecessary apps.
- Minimize online accounts: Keep only the essential accounts and close any unnecessary ones.
- Beware of unknown emails: Avoid opening emails from unknown senders, as they may contain malicious content.
- Use privacy-enhancing tools: Employ a web browser with built-in tracker-blocking and ad-blocking features. Consider using a VPN (Virtual Private Network) to encrypt your data and hide your IP address, enhancing online privacy. Kaspersky VPN Secure Connection is one such option.
By following these measures, you can proactively safeguard your privacy and reduce your presence on data broker lists.
Explore Your Presence through Data Brokers
Delve into the World of Data Brokers and Uncover Your Digital Footprint
While discussing our programs, we often emphasize the significance of Customer ID from a business perspective. However, let’s shift our focus for a moment. Did you realize that third-party data brokers collect vast amounts of information about your online activities?
Are you aware that these companies must provide you access to this data? By examining the cookies stored on your device, you can discover your consumer classification. Take a look at the following link for more information: https://legal.epsilon.com/dsr/