ANALYSIS. In the wake of the White House hosting a roundtable discussion on better shielding people from unwarranted surveillance, an American watchdog said today that it would implement new regulations controlling the kind of personal information brokers are allowed to gather and sell.
The US government's Consumer Financial Protection Bureau (CFPB) began looking into businesses that monitor customers' daily activities and share that data back in March. This private information can be obtained through public data, scraped from social media, purchased from businesses like financial institutions, gathered from websites and mobile apps, and packaged for sale—ideally anonymized and aggregated. The CFPB Director Rohit Chopra recently said this:
Reports about monetization of sensitive information — everything from the financial details of members of the US military to lists of specific people experiencing dementia — are particularly worrisome when data is powering artificial intelligence and other automated decision-making about our lives. The CFPB will be taking steps to ensure that modern-day data brokers in the surveillance industry know that they cannot engage in illegal collection and sharing of our data.
These efforts specifically include guidelines to guarantee data brokers abide by the US Fair Credit Reporting Act (FCRA). By doing this, it would be ensured that any businesses that profit from the sale of customer data would be forbidden from using it for reasons except those covered by the federal statute of 1970.
The CFPB received more than 7,000 replies to its information request, and the majority of these reaffirm concerns expressed by Congress: data brokers are flouting privacy regulations and instead are selling very personal information.
What the future holds for data brokers
During the White House meeting held today, Chopra shared more information about its plans. First, he stated, a "consumer reporting agency" would be defined as a data broker that sells specific categories of customer data.
The CFPB is considering a proposal that would generally treat a data broker's sale of data regarding, for example, a consumer's payment history, income, and criminal records as a consumer report, because that type of data is typically used for credit, employment, and certain other determinations, This would trigger requirements for ensuring accuracy and handling disputes of inaccurate information, as well as prohibit misuse.
The second suggestion seeks to define "credit header data" and determine whether it constitutes a consumer report. This is personally identifying data from consumer reports produced by Equifax, Experian, TransUnion, and other credit reporting agencies, such as names, addresses, and Social Security numbers. The credit header information that data brokers buy from the big three is often used to compile dossiers on people.
The CFPB expects to propose to clarify the extent to which credit header data constitutes a consumer report, reducing the ability of credit reporting companies to impermissibly disclose sensitive contact information that can be used to identify people who don't wish to be contacted, such as domestic violence survivors.
How about a federal Delete Act?
The National Consumer Law Center, Demand Progress, Electronic Privacy Information Center (EPIC), and Just Futures Law were among the organizations who praised the CFPB suggestions.
For far too long, data brokers have been permitted to make money from the personal information of Americans with little to no regulation, jeopardizing their safety and privacy. The CFPB's move will bring desperately needed accountability and transparency to the data broker business.
References:
- Remarks of CFPB Director Rohit Chopra at White House Roundtable on Protecting Americans from Harmful Data Broker Practices