Many people I’ve spoken to have a pretty good understanding that companies like Facebook and Google have a massive amount of data on them. And most of those people also understand that companies like Facebook and Google package this data about them and sell it to advertisers. But few people I’ve talked to know that Facebook, Google, and other companies also sell your data to third-party data brokers.
As the name suggests, a data broker trades in information–your information. After the data broker buys information about you from Facebook or Google, it then in turns sells your information to other parties: businesses, advertisers, governments, consulting firms, bounty hunters–you name it. They can see where you live, what you search for, who you like, who you love, what your religious and political beliefs are. And those parties can use your information pretty much however they want–and you’ll never have a clue they are doing it, nor will you be compensated for them using your data or be able to tell them to stop using it.
That’s something Apple’s CEO Tim Cook wants to change. Apple is already one of the best companies when it comes to protecting user privacy, but now it wants to use its influence with Congress to increase protections for people beyond its iPhone and Mac user base. In an essay for Time magazine today, Cook argues that it’s time for the U.S. Congress to pass comprehensive federal privacy legislation that effectively ends the “shadow economy” of data brokers.
“One of the biggest challenges in protecting privacy is that many of the violations are invisible,” Cook writes. “For example, you might have bought a product from an online retailer–something most of us have done. But what the retailer doesn’t tell you is that it then turned around and sold or transferred information about your purchase to a ‘data broker’–a company that exists purely to collect your information, package it, and sell it to yet another buyer.
“The trail disappears before you even know there is a trail. Right now, all of these secondary markets for your information exist in a shadow economy that’s largely unchecked–out of sight of consumers, regulators, and lawmakers. Let’s be clear: You never signed up for that. We think every user should have the chance to say, ‘Wait a minute. That’s my information that you’re selling, and I didn’t consent.'”
But Cook doesn’t only argue for legislation restricting data brokers from accessing your information from the shadows–he wants the Federal Trade Commission to establish a data broker database that would require all data brokers to register and provide tools that would allow anyone to do a simple search to find out who has their data and give the individual “the power to delete their data on demand, freely, easily, and online, once and for all.”
Comprehensive data privacy laws are something that is long overdue in most countries around the world. The European Union has led the way with its General Data Protection Regulation (GDPR), which now holds data brokers accountable for an individual’s data. Think we don’t need something similar here? This fact might change your mind: A major 2014 report by the FTC documented just how much information some data brokers have on you and every other American. It found “one data broker’s database has information on 1.4 billion consumer transactions and over 700 billion aggregated data elements; another data broker’s database covers 1 trillion dollars in consumer transactions; and yet another data broker adds 3 billion new records each month to its databases.”
Cook’s initiative to start a public discussion around the shadowy world of data brokers and increased data protection policies for Americans will no doubt be applauded by civil liberties unions and privacy advocates. However, his initiative is sure to get pushback from major tech companies like Google and Facebook. Whether or not such privacy legislation will ever be passed, however, likely relies on support from the public and people like you.
You can read an excerpt from Cook’s Time essay below:
In 2019, it’s time to stand up for the right to privacy–yours, mine, all of ours. Consumers shouldn’t have to tolerate another year of companies irresponsibly amassing huge user profiles, data breaches that seem out of control and the vanishing ability to control our own digital lives.
This problem is solvable–it isn’t too big, too challenging or too late. Innovation, breakthrough ideas and great features can go hand in hand with user privacy–and they must. Realizing technology’s potential depends on it.
That’s why I and others are calling on the U.S. Congress to pass comprehensive federal privacy legislation–a landmark package of reforms that protect and empower the consumer. Last year, before a global body of privacy regulators, I laid out four principles that I believe should guide legislation:
First, the right to have personal data minimized. Companies should challenge themselves to strip identifying information from customer data or avoid collecting it in the first place. Second, the right to knowledge–to know what data is being collected and why. Third, the right to access. Companies should make it easy for you to access, correct and delete your personal data. And fourth, the right to data security, without which trust is impossible.
But laws alone aren’t enough to ensure that individuals can make use of their privacy rights. We also need to give people tools that they can use to take action. To that end, here’s an idea that could make a real difference.
One of the biggest challenges in protecting privacy is that many of the violations are invisible. For example, you might have bought a product from an online retailer–something most of us have done. But what the retailer doesn’t tell you is that it then turned around and sold or transferred information about your purchase to a “data broker”–a company that exists purely to collect your information, package it and sell it to yet another buyer.
The trail disappears before you even know there is a trail. Right now, all of these secondary markets for your information exist in a shadow economy that’s largely unchecked–out of sight of consumers, regulators and lawmakers.
Let’s be clear: you never signed up for that. We think every user should have the chance to say, “Wait a minute. That’s my information that you’re selling, and I didn’t consent.”
Meaningful, comprehensive federal privacy legislation should not only aim to put consumers in control of their data, it should also shine a light on actors trafficking in your data behind the scenes. Some state laws are looking to accomplish just that, but right now there is no federal standard protecting Americans from these practices. That’s why we believe the Federal Trade Commission should establish a data-broker clearinghouse, requiring all data brokers to register, enabling consumers to track the transactions that have bundled and sold their data from place to place, and giving users the power to delete their data on demand, freely, easily and online, once and for all.
As this debate kicks off, there will be plenty of proposals and competing interests for policymakers to consider. We cannot lose sight of the most important constituency: individuals trying to win back their right to privacy. Technology has the potential to keep changing the world for the better, but it will never achieve that potential without the full faith and confidence of the people who use it.