Data broker

A data broker is an individual or company that specializes in collecting personal data (such as income, ethnicity, political beliefs, or geolocation data) or data about people, mostly from public records but sometimes sourced privately, and selling or licensing such information to third parties for a variety of uses. Sources, usually Internet-based since the 1990s, may include census and electoral roll records, social networking sites, court reports and purchase histories. The information from data brokers may be used in background checks used by employers and housing.

There are varying regulations around the world limiting the collection of information on individuals; privacy laws vary. In the United States there is no federal regulation protection for the consumer from data brokers, although some states have begun enacting laws individually. In the European Union, GDPR serves to regulate data brokers' operations. Some data brokers report to have large numbers of population data or "data attributes". Acxiom purports to have data from 2.5 billion different people.

Overview

[edit]

Information broker is sometimes abbreviated to IB, and other terms used for information brokers include data brokers, independent information specialists,[1] information or data agents,[2] data providers, data suppliers,[3] information resellers, data vendors,[4] syndicated data brokers, or information product companies.[5] Information consultants, freelance librarians, and information specialists are also sometimes termed information brokers.[6][7]

Credit scores were first used in the 1950s,[8] and information brokering emerged as a career for individuals during that decade.[1] However the business of information brokering did not become widely known or specifically regulated until the 1990s.[8] During the 1970s, "information brokers" often had a library science degree; however, towards the end of the 20th century, people with degrees in science, law, business, medicine, or other disciplines entered the profession, and the line between the terms information professional and information broker became more blurred.[9] In 1977, Kelly Warnken published the first fee-based information directory, followed by the Journal of Fee-Based Information Services in 1979[9] and the book The Information Brokers: How to Start and Operate Your Own Fee-based Service in 1981.[10]

Beginning in the late twentieth century, technological developments such as the development of the Internet, increasing computer processing power, and declining costs of data storage made it much easier for companies to collect, analyze, store and transfer large amounts of data about individuals. This gave rise to the information broker or data broker industry.[11] As of 2021, there is no required academic qualification for the job of information broker; some people may have a bachelor's degree in business or marketing,[12] while others may have a background in library science, or may have worked for a database provider.[1]

Services

[edit]

Information brokering has been described as the "business of buying and selling information as a commodity".[13] Information brokers have been defined by the (US) Federal Trade Commission as "companies that collect information, including personal information about consumers, from a wide variety of sources for the purpose of reselling such information to their customers for various purposes, including verifying an individual's identity, differentiating records, marketing products, and preventing financial fraud".[4] Gartner defines an information broker as "a business that aggregates information from a variety of sources; processes it to enrich, cleanse or analyze it; and licenses it to other organizations". It states that data is "licensed for particular or limited uses" rather than sold to a client.[5]

Information brokers (IBs) collect and collate data concerning myriad topics, ranging from the daily communications of an individual to more specialized data such as product registrations,[14] patents and copyright data,[15] mostly from publicly available sources, usually obtained from online databases. They may also provide various other services, such as analysing the data and writing reports on them; creating databases for clients; or updating clients whenever new information on a specific topic or person. Clients use data brokers to save themselves time and money, as the brokers are trained in the skills needed to retrieve such information effectively and efficiently.[1] Information brokers are secondary researchers, who find information on a variety of subjects, including companies (often competitors[2]), markets, people, and products. Their role includes analysis and synthesis of the data they find,[16] Brokers may find everything else they can about an individual on the Internet, and aggregate that data with information from a variety of other sources.[3]

Information brokers sometimes specialise in a specific area, such as market research, statistics, or scientific data.[2]

Clients of information brokers come from a wide range of industries and professions, including manufacturing, financial institutions, political parties, government agencies and historians.[17] Non-profit organizations might benefit from information which helps them to apply for grant funding, and real estate agents often use IBs to undertake land title searches.[2][18] Advertising, fraud detection and risk mitigation are three common reasons for using data brokers,[3] and these are the three broad categories defined by the Federal Trade Commission.[4] Information brokers need to screen their clients carefully to avoid criminals obtaining data on individuals for nefarious purposes: US broking companies Lexis-Nexis and ChoicePoint have both been duped by phoney clients, leading in one case to identity theft on a large scale.[4]

Data may be harvested from various sources, including census, change of address, motor vehicle-related records, user-contributed material and social networking sites,[19] media and court reports, voter registration lists, consumer purchase histories, most-wanted lists and terrorist watch lists, bank card transaction records, health care authorities, and Web browsing histories.[8] IBs may also purchase information from other companies (such as a credit card company).[3] The information collected may include name, address, social security number, driver's licence number and other such identifying information, as well as occupation, property ownership, income, etc. Advertising companies are most often only interested in profiles and categories rather than personal information about an individual.[3]

Information from property records, tax filings, etc. may also be available via "people-search" whitepage sites, either for a small fee or no cost. These websites can thereby have implications for stalking, harassment, and domestic violence.[20]

The data are aggregated to create individual profiles, often made up of thousands of pieces of information, such as a person's age, race, gender, height, weight, marital status, religious affiliation, political affiliation, occupation, household income, net worth, home ownership status, investment habits, product preferences and health-related interests.[21] Brokers then sell the profiles to other organizations that use them mainly to target advertising and marketing towards specific groups,[17] or to verify a person's identity including for purposes of fraud detection, and to sell to individuals and organizations so they can research people for various reasons.[21] Some datasets may also include geolocation data and is included in marketing resources from Acxiom. Experian and Oracle also advertise location-based marketing services.[20]

Many brokers work independently, while others are employees of large companies such as LexisNexis or ProQuest.[17]

In the United States

[edit]

Data brokers in the United States include Acxiom, Experian, Epsilon, CoreLogic, Datalogix, Intelius, PeekYou, Exactis, and Recorded Future.[21][22] In 2012, Acxiom claimed to have files on about 500 million active consumers worldwide, with about 1,500 data points per person [23] and, in 2023, Acxiom (renamed LiveRamp) claims to have files on 2.5 billion people and over 3,000 data points per person.[24][25] The company Oracle has publicly noted it has connections with 80 data broker companies. The US Department of Homeland Security has purchased cell phone location data and home utility data from data brokers to facilitate deportations. The Federal Bureau of Investigation (FBI) has purchased personal data from the company Venntel. Under both of these circumstances, a warrant is not required to acquire this data, due to the fact that it is "open source" or "commercially obtained".[20] Use of the data also has implications in background checks (used in rent/housing and job applications).[26]

In 2012, Spokeo, a people search website, settled with the US Federal Trade Commission for $800,000 over violations of the Fair Credit Reporting Act.[27]

In 2017, Cambridge Analytica claimed that it has psychological profiles of 220 million United States citizens, based on 5,000 separate data sets,[28] with another source reporting 230 million.[29] A scandal emerged after it was found that after 270,000 Facebook users consented to sharing their data, data was scraped from about 50 million profiles on the social media platform. This was seen as breach of trust by Facebook.[30]

In 2018, American companies spent $19 billion acquiring and analyzing consumer data, according to the Interactive Advertising Bureau.[27]

In 2021, The Pillar outed a Catholic priest by purchasing data from a data broker including data usage from Grindr.[20]

Privacy issues and regulation

[edit]

Information privacy laws are not as strict in the United States as in the European Union, where data brokers work hard to get around the General Data Protection Regulation (GDPR) regulations, brought into operation in 2018. Under GDPR, data can only be collected for re-use on one of six legal bases. The rather vague term "legitimate interest" is often abused or misinterpreted.[3] Explicit consent from users is required for information storage. In addition, data processing related with political opinion and religious belief is prohibited unless the consent of data subject is granted.[31]

In the US, individuals generally cannot find out what data a broker holds on them, how a broker got it, or how it is used.[32] There is no federal law that permits or enables consumers to see, make corrections to, or opt out of data compiled by brokers.[4]

Files on individuals are generally sold in lists; examples cited in testimony to the U.S. Congress include lists of rape survivors, seniors with dementia, financially vulnerable people, people with HIV, police officers (by home address),[8][22] alcoholics, and people with erectile dysfunction.[3][33]

Calls for regulation in the US

[edit]

A 2007 University of California study, after requesting and analyzing information-sharing practices at 86 companies, found many operating under an opt-out model that it described as inconsistent with consumer expectations, and recommended that the California state legislature require companies to disclose their information-sharing policies using clear, unambiguous language, and consider creating a centralized, user-friendly method for consumers to opt out of information-sharing.[34]

The proposed US Data Accountability and Trust Act (introduced in 2009)[35] contained a number of requirements for auditing and verification of accuracy of data held by information brokers, and additional measures in the case of a security breach. The bill also gave identified individuals the means and opportunity to review and correct the data held that related to them. It passed through the United States House of Representatives in the 111th United States Congress, but failed to pass the United States Senate. It was revived by the 112th United States Congress in 2011 as H.R. 1707.,[36] but died after being referred to committee. The bill was first introduced by Rep. Bobby Rush [D-IL1] on 30 April 2009, H.R. 2221.[37]

In 2009, the U.S. Federal Trade Commission had recommended the United States Congress develop legislation enabling consumers to see the information that data brokers hold about them, a recommendation it renewed in subsequent reports in 2012 and 2014. In 2013, the U.S. Government Accountability Office also called for Congress to consider legislation.[21][38]

In October 2019, California Governor Gavin Newsom signed into action statute AB 1202. This bill "would require data brokers to register with, and provide certain information to, the Attorney General. The bill would define a data broker as a business that knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship, subject to specified exceptions".[39] This law was created to safeguard against the "cloak of invisibility" (unregistered, unregulated, untracked information broker) that previous data brokers roamed in. It was also meant to regulate the purchasing of data in commercial third party buyers, and tracks the data brokers information trades.[clarification needed][40]

Due to the interest in federal regulation, data broker firms have lobbied and spent $29 million in the year 2020.[26]

Criticisms, consumer rights and breaches

[edit]

A United States Senate Committee in 2013 published A Review of the Data Broker Industry: Collection, Use, and Sale of Consumer Data for Marketing Purposes.[22] It states that "Today, a wide range of companies known as 'data brokers' collect and maintain data on hundreds of millions of consumers, which they analyze, package, and sell generally without consumer permission or input." Their main findings were that:

  • Data brokers collect a huge volume of detailed information on hundreds of millions of consumers.
  • Data brokers sell products that identify financially vulnerable consumers.
  • Data broker products provide information about consumer offline behavior to tailor online outreach by marketers.
  • Data brokers operate behind a veil of secrecy.

The information produced by data brokers has been criticized for enabling discrimination in pricing, services and opportunities. For example, a May 2014 White House report found that web searches that included black-seeming first names such as Jermaine were more likely to result in ads being displayed that include the word "arrest," compared with web searches including white-seeming first names such as Geoffrey.[11]

An Online Information Broker FAQ[41] is published by Privacy Rights Clearinghouse (PRC), a nonprofit consumer organization in the United States. PRC also maintains a list of information brokers, with links to their privacy policies, terms of service, and opt-out provisions.[42]

Data brokers have also faced legal charges for security breaches due to poor data security practices.[43]

Professional associations

[edit]

The Association of Independent Information Professionals (AIIP) is a professional association based in Baton Rouge, Louisiana, with members from 20 countries worldwide,[44] representing both primary and secondary researchers.[16]

Fiction

[edit]

Examples of information brokers in contemporary fiction would be the Shadow Broker in the video game series Mass Effect; Nicholas Wayne, Rachel, Elean Duga, Gustav St. Germain, Carol, and the President of the Daily Days newspaper company in Baccano!; or Izaya Orihara in the light novel series Durarara!!. A few of the characters in Neal Stephenson's novel Snow Crash find work selling data as "stringers" for the Central Intelligence Corporation. Information broker characters play a prominent role in stories published by DC Comics. The character trope is best exemplified by the superhero Oracle, but the trope is later used with the characters Calculator, Proxy, Chloe Sullivan, and Felicity Smoak as well.

See also

[edit]

References

[edit]
  1. ^ a b c d "Information Brokers". Inc.com. 6 February 2020. Retrieved 11 March 2021.
  2. ^ a b c d Luenendonk, Martin (18 September 2019). "How to become an information broker". Cleverism. Retrieved 11 March 2021.
  3. ^ a b c d e f g "What Is a Data Broker and How Does It Work?". Clearcode. 4 February 2019. Retrieved 12 March 2021.
  4. ^ a b c d e "Information Brokers". The Social Engineering Framework. 4 December 2020. Retrieved 12 March 2021.
  5. ^ a b "Definition of Data Broker". Gartner. Retrieved 12 March 2021.
  6. ^ "Information Consultant". ScienceDirect Topics. Retrieved 12 March 2021.
  7. ^ Broughton, D.; Blackburn, L.; Vickers, L. (1991). "Information brokers and information consultants". Library Management. 12 (6): 4–16. doi:10.1108/EUM0000000000838.
  8. ^ a b c d "Congressional Testimony: What Information Do Data Brokers Have on Consumers?".
  9. ^ a b Sabroski, Suzanne J., ed. (2000). The independent information professional (PDF) (Report). AIIP.
  10. ^ Warnken, K. (1981). The Information Brokers: How to Start and Operate Your Own Fee-based Service. Information management series. Bowker. ISBN 978-0-8352-1287-8. Retrieved 11 March 2021.
  11. ^ a b "Big data: seizing opportunities, preserving values" (PDF). Executive Office of the President. May 2014. Archived from the original (PDF) on 20 January 2017. Retrieved 17 August 2014.
  12. ^ "Information broker job description, career as an information broker, salary, employment". StateUniversity.com. Retrieved 12 March 2021.
  13. ^ Bressan, Stephane; Lee, Thomas (June 1997). Information Brokering on the World Wide Web (PDF) (Report). Sloan School of Management, Massachusetts Institute of Technology. Accepted at the WebNet 97 World Conference.
  14. ^ Kitchin, Rob (2014). The Data Revolution. Sage Publications Ltd. (UK).
  15. ^ Campana, Natalia (6 February 2020). "What does an Information Broker do?". Freelancer Blog. Retrieved 12 March 2021.
  16. ^ a b "Research Specialists". The Association of Independent Information Professionals (AIIP). Retrieved 11 March 2021.
  17. ^ a b c "All About information brokers: what they do and how to become one". Fairygodboss. Retrieved 11 March 2021.
  18. ^ "Information Brokers". NSW Land Registry Services. Retrieved 12 March 2021.
  19. ^ Beckette, Lois (9 November 2012). "Yes, Companies Are Harvesting – and Selling – Your Facebook Profile". Retrieved 17 August 2014.
  20. ^ a b c d Sherman, Justin. "Data Brokers Know Where You Are—and Want to Sell That Intel". Wired. ISSN 1059-1028. Retrieved 15 April 2022.
  21. ^ a b c d "Data Brokers: A Call for Transparency and Accountability" (PDF). Federal Trade Commission. Government of the United States. May 2014. Retrieved 13 August 2014.
  22. ^ a b c http://educationnewyork.com/files/rockefeller_databroker.pdf [bare URL PDF]
  23. ^ Singer, Natasha (16 June 2012). "Acxiom, the Quiet Giant of Consumer Database Marketing". The New York Times. Retrieved 22 March 2019.
  24. ^ "Acxiom sales brochure" (PDF). Acxiom. Retrieved 3 August 2023.
  25. ^ "Acxiom Launches Marketplace to Drive Smarter Campaigns". Acxiom. Retrieved 3 August 2023.
  26. ^ a b Sherman, Justin. "Data Brokers Are a Threat to Democracy". Wired. ISSN 1059-1028. Retrieved 25 January 2022.
  27. ^ a b Matsakis, Louise. "The Wired Guide to Your Personal Data (and Who Is Using It)". Wired. ISSN 1059-1028. Retrieved 15 April 2022.
  28. ^ Govind Krishnan V. (3 June 2017). "Aadhaar in the hand of spies Big Data, global surveillance state and the identity project". Fountain Ink Magazine. Archived from the original on 26 August 2017. Retrieved 27 August 2017.
  29. ^ Cadwalladr, Carole (18 March 2018). "'I made Steve Bannon's psychological warfare tool': meet the data war whistleblower". The Guardian. Retrieved 22 March 2019.
  30. ^ Glum, Julia (22 March 2018). "Was Your Facebook Data Actually 'Breached'? Depends On Who You Ask". Money. Retrieved 12 March 2021.
  31. ^ "Answer to Question No E-000054/19". www.europarl.europa.eu. Retrieved 1 December 2020.
  32. ^ "Online Information Broker FAQ". Privacy Rights Clearinghouse. privacyrights.org. 4 October 2010. Archived from the original on 19 August 2016. Retrieved 6 May 2014.
  33. ^ Hill, Kashmir (19 December 2013). "Data broker was selling lists of rape victims, alcoholics, and 'erectile dysfunction sufferers'". Forbes. Retrieved 12 March 2021.
  34. ^ Hoofnagle, and Jennifer King, Chris Jay (17 December 2007). "Consumer Information Sharing: Where the Sun Still Don't Shine". (working Paper). SSRN 1137990.
  35. ^ "Data Accountability and Trust Act: Federal Breach Notification, Data Security Policies and File Access Addressed". Privacy Compliance & Data Security. 7 May 2009. Retrieved 12 March 2021.
  36. ^ Data Accountability and Trust Act (2011; 112th Congress H.R. 1707). GovTrack.us. Retrieved on 12 November 2013.
  37. ^ "Data Accountability and Trust Act (2009; 111th Congress H.R. 2221)". govtrack.us. Retrieved 12 November 2013.
  38. ^ "TC Recommends Congress Require the Data Broker Industry to be More Transparent and Give Consumers Greater Control Over Their Personal Information". Federal Trade Commission. 27 May 2014. Retrieved 31 May 2014.
  39. ^ "Assembly Bill No. 1202". 2019.
  40. ^ Lazarus, David (5 November 2019). "Column: Shadowy data brokers make the most of their invisibility cloak". Los Angeles Times.
  41. ^ "Online Information Broker FAQ". Archived from the original on 19 August 2016. Retrieved 20 April 2012.
  42. ^ "Privacy Rights Clearinghouse". Archived from the original on 11 September 2016. Retrieved 20 April 2012.
  43. ^ "Agency Announces Settlement of Separate Actions Against Retailer TJX, and Data Brokers Reed Elsevier and Seisint for Failing to Provide Adequate Security for Consumers Data". 27 March 2008.
  44. ^ "Contact Us". The Association of Independent Information Professionals (AIIP). Retrieved 11 March 2021.

Further reading

[edit]
[edit]