Out of the U.S. today comes a slew of new proposed restrictions against data brokers and their creepy practices.
The Consumer Financial Protection Bureau:
[…] The proposed rule would limit the sale of personal identifiers like Social Security Numbers and phone numbers collected by certain companies and make sure that people’s financial data such as income is only shared for legitimate purposes, like facilitating a mortgage approval, and not sold to scammers targeting those in financial distress. The proposal would make clear that when data brokers sell certain sensitive consumer information they are “consumer reporting agencies” under the Fair Credit Reporting Act (FCRA), requiring them to comply with accuracy requirements, provide consumers access to their information, and maintain safeguards against misuse.
The Federal Trade Commission:
The Federal Trade Commission will prohibit data broker Mobilewalla, Inc. from selling sensitive location data, including data that reveals the identity of an individual’s private home, to settle allegations the data broker sold such information without taking reasonable steps to verify consumers’ consent.
And also the Federal Trade Commission:
The Federal Trade Commission is taking action against Gravy Analytics Inc. and its subsidiary Venntel Inc. for unlawfully tracking and selling sensitive location data from users, including selling data about consumers’ visits to health-related locations and places of worship.
Both of the proposed FTC orders require these businesses to “maintain a sensitive location data program designed to develop a list of sensitive locations and prevent the use, sale, license, transfer, sharing, or disclosure of consumers’ visits to those locations”. These include, for example and in addition to those in the above quotes, shelters, labour union offices, correctional facilities, and military installations. This order was previewed last month in Wired.
As usual, I am conflicted about these policies. While they are yet another example of Lina Khan’s FTC and other government bureaucrats cracking down on individually threatening data brokers, it would be far better for everyone if this were not handled on a case-by-case basis. These brokers have already caused a wealth of damage around the world, and only they are being required to stop. Other players in the rest of the data broker industry will either self-govern or hope they do not fall into the FTC’s crosshairs, and if you believe the former is more likely, you have far greater faith in already-shady businesses than I do.
There is another wrench in these proposals: we are less than two months away from a second Trump presidency, and the forecast for the CFPB looks unfriendly. It was kneecapped during the first administration and it is on the chopping block for those overseeing a advisory committee masquerading as a government agency. The future of the FTC is more murky, with some indicators it will continue its current path — albeit from a Republican-skewed perspective — while others suggest a reversal.
The centring of the U.S. in the digital activity of a vast majority of us gives it unique power on privacy — power it has, so far, used in only very small doses. The future of regulatory agencies like these has relevance to all of us.