The Congressional Bi-Parisan Privacy Caucus today released letters from nine major data brokers in the U.S., shedding light on the practices of an industry that has received little scrutiny.
Data brokers aggregate information about individuals from online and offline sources and often sell their findings to third parties to use for targeted advertising or other purposes. The industry is relatively new, and it’s not clear how existing consumer privacy laws affect it.
The committee asked the businesses for information about their business practices in July and received the responses in August.
The lawmakers asked informed, detailed questions, but the data companies’ answers weren’t thorough enough to paint a clear picture of how consumer data is collected, according to Sarah Downey, a privacy analyst with the online privacy company Abine.
“Unfortunately, it’s clear consumers’ privacy often comes down to taking the data brokers at their word. The companies say they only buy data from reputable sources and only sell it parties who won’t misuse it — but they refuse to name those parties. It’s impossible for a consumer to truly know what’s going on with their personal information,” she said.
Nevertheless, the responses do provide some insight into who’s looking at users’ online activity and why.
Several companies reported mining public consumer information from social media sites such as Facebook and LinkedIn in addition to sources such as telephone directories, government agencies, financial institutions and directly from consumers.
Intelius, for instance, said it “collects publicly available Internet information from the public profiles posted on various websites, such as LinkedIn, Facebook, Blogspot, Twitter, WordPress, MySpace, and YouTube.”
Acxiom said it tracks “which social media sites the individual or household uses, whether they are a heavy or a light user and whether they engage in public social media activities such as signing on to fan pages or viewing YouTube videos.”
Harte-Hanks, a marketing services company, went into more detail about its attention to social networking sites.
The company wrote:
We…sometimes receive consumer information made available through the social network providers, in accordance wit their terms of service, and as authorized by the users. …We may also receive social information in de-identified and aggregate form collected by contracted third parties to better analyze consumer trends within a social platform. from time to time, we may also receive social information from contracted third parties … who are able to confirm whether a known, or previously identified individual is present within a particular social platform.
A wide array of companies pay for such data, the responses indicate. For example, Acxiom’s clients in 2009 included heavy percentages of the leading corporations, credit card issuers, insurance companies, hotels, casinos and political parties.
The company also said that 6 out of 10 of the major tech companies paid it that year for data services.
Congressional lawmakers seem poised to push the data brokers for more information than they provided in their written responses to questions.
In a joint statement from the committee’s membership, they wrote, “We want to work with the data broker industry so that it is more open about how it collects, uses, and sells Americans’ information. Until then, we will continue our efforts to learn more about this industry and will push for whatever steps are necessary to make sure Americans know how this industry operates and are granted control over their own information.”
Updated at 7:25 Eastern to reflect information from Sarah Downy of Abine.
Image: alexskopje / Shutterstock.com