Data Mining & Privacy: Who’s Watching Them Watch You?
Recently, the Federal Trade Commission issued a detailed report that summarized extensive data collection efforts that it uncovered in its study of the data brokerage industry. The FTC recommended that Congress require the data broker industry to give consumers greater control over their personal information to police the questionable data practices the study revealed.
Yet, just a few weeks later, a Wall Street Journal headline read, “Facebook to Give Advertisers More User Data.” The article summarized Facebook’s efforts to vacuum up its users’ web browsing habits and sell that data to advertisers. According to media reports, Facebook collects web browsing histories by placing code on its users' computers, thereby gathering data about the websites its users visit. Facebook apparently also gathers data about which apps its users have downloaded onto their mobile devices.
Facebook’s sale of web browsing history demonstrates the steady growth of mining of customer data—and brings with it a number of questions about data mining, consumer rights, and data privacy. Many assume that someone is regulating the space, protecting consumers, and providing a legal framework on which businesses can rely to guide legitimate commercial interests.
Data mining’s big surprise? Right now, a substantial legal and regulatory void exists regarding data mining’s most critical privacy and business questions.
Data collection: Harmless or harmful?
Data brokers collect and store billions of data elements covering virtually everyone in the United States. Brokers collect and aggregate data regarding everything from shopping preferences to healthcare data to public records such as lawsuits and arrests. Often the nature of the information sold is disturbing: a list of individuals in financial distress, diabetics, smokers in the household, and political and religious affiliations. Recent reports reveal utterly shocking data aggregation, for instance the identity of rape victims, AIDS victims, and people with addictions. Frequently this information is gathered and sold without consumers’ knowledge. As an FTC Chairwoman put it, “you may not know them, but data brokers know you.”
At first glance, some of the data these companies collect may appear fairly harmless. For instance, software-generated groupings could simply label a person assumed to be a “biker enthusiast.” That might lead to the individual receiving special offers from the local motorcycle dealer. But that same person could also pay higher fees for life insurance because insurers reason that the person engages in risky behavior.
The information gathered by data brokers poses a risk to consumers, including the denial of opportunities based on inaccurate information, public disclosure of information many consumers regard as private (e.g. their health), or even something as menacing as stalking. Moreover, storing vast amounts of aggregated data indefinitely may create security risks.
Regulating data mining
The opaque nature of how companies use consumer data to make credit, housing, employment, and similar determinations led to the passage of the Fair Credit Reporting Act (“FCRA”) in 1970. The FTC has brought over 100 law enforcement actions under the FCRA since then, but huge portions of the data mining business fall outside the statute.
In February 2014, Senators John D. Rockefeller and Edward Markey introduced a bill to address those shortfalls. The proposed legislation would require data brokers to disclose more information about their practices. It also would require brokers to give consumers more control over the information these companies collect and sell.
In addition, the FTC has called for transparency across the data broker industry, providing more information about the sources of data brokers’ information, and giving consumers access and the ability to correct data used for marketing and risk mitigation products. Other proposals encourage data brokers to be more accountable by conducting due diligence on their customers’ use of the data, and creating contractual requirements that prohibit their customers from using the data in an unlawful manner.
The data broker industry generally opposes the proposed legislation, asserting that effective self-regulation is the preferred solution in an industry that is changing quickly and growing rapidly. Yet many caution those collecting, aggregating and selling data to take steps to get out ahead of legislative and regulatory efforts. The absence of standards only serves to lead to further abuses and unwanted media attention—all of which could easily create a backlash against the industry.
Tremendous benefits can flow from the insights of data mining—especially as powered by new big data technologies. But a backlash of consumers offended by the continued encroachment on their privacy, coupled with the risks of long-term storage of that data, could easily lead to upending business models based on fluid use of consumer’s data. A proactive effort to regulate data collection and aggregation efforts is more likely to preserve the beneficial insights and opportunities data mining has and will continue to offer.
 Democrat of West Virginia and Democrat of Massachusetts, respectively