December 21, 2021
When it comes to vacuuming-up consumer data, there is no distinction between that which is “personally identifiable” and that which is not, according to recent media reports. Data collection firms are reportedly hiding behind a false notion of privacy in order to keep Congress on track to allow the industry to police itself. This would enable the companies to continue mining personal information and selling it, whether to those trying to influence election outcomes, pharmaceutical firms trying to boost sales or insurance companies sniffing around for preexisting conditions.
“Brokers sell information that can help scammers target the elderly and servicemembers, or help foreign adversaries,” writes Roll Call in an article about a Senate Finance Committee hearing on “the shady world of third-party brokers that buy and sell personal data on hundreds of millions of Americans each year.”
While there are various bipartisan Congressional privacy bills floating around to limit data the Securities and Exchange Commission can collect or restrict the dissemination of COVID-19 contact tracing information, hard lines have yet to be drawn.
Lawmakers seem convinced companies can promise to install guardrails to “anonymize” data, thereby rendering it harmless, in order to exempt themselves from disclosures or collection restrictions. But Wired doesn’t believe anonymity is possible.
However, as author Justin Sherman writes, “you can basically reidentify anything. ‘Anonymity’ is an abstraction. Even if a company doesn’t have your name (which they probably do), they can still acquire your address, Internet search history, smartphone GPS logs, and other data to pin you down. Yet this flawed, dangerous narrative persists and continues to persuade lawmakers, to the detriment of strong privacy regulation.”
As Sherman said in testimony before the Senate Finance Committee on December 7, California and Vermont — states with data collection laws — provide inadequate safeguards by relying on disclosure (companies brokering data must put their names on a registry).
“These laws define data brokers (generally) as only those companies buying and selling data on people with whom they do not have a direct business relationship. This definition excludes every single company that buys, sells, and shares data on its own customers from coverage,” Sherman testified.
As reported in Nextgov, Senator Ron Wyden (D-Oregon) attributes the rampant sale of consumer data to a loophole in the Electronic Communications Privacy Act of 1986, which permits companies with access to consumer information to share it with third parties, something he calls “an outrageous privacy violation and a shameless end run around the Fourth Amendment.”
Nextgov says Wyden revealed that U.S. government agencies (the Internal Revenue Service and Customs and Border Protection) have purchased consumer data from Big Tech: “These agencies would need a court order to obtain location data from AT&T and Verizon, or from Google and Facebook, but they’re exploiting the data broker loophole.”