How much information should data brokers be able to harvest and sell from people’s personal information? Although technology has grown significantly and the internet hosts a plethora of information, not much has been done to regulate what corporations can legally collect and use. Now, however, Congress is close to finalizing the federal American Data Privacy and Protection Act (ADPPA), which data collectors are scrambling to prevent.
Data Brokers Spend Millions in Lobbying
At least five prominent data brokers have spent about 11% more on lobbying in the second quarter compared to last year, presumably after lawmakers on both sides of the aisle reached a compromise on ADPPA. RELX, the parent company of LexisNexis and ThreatMetrix, digital identity services, spent 26% more on lobbying. If passed, the bill would give consumers more power over what information they can collect, which does not appeal to the brokers.
Deputy Director of the Electronic Privacy Information Center in DC Caitriona Fitzgerald remarked, “ADPPA has moved farther through Congress than any privacy bill has in many years.” She added, “Data brokers are likely responding to the fact that Congress seems serious about passing privacy regulations.”
The statistics collected by location data brokers involve people’s activities and whereabouts through apps, including online shopping activities and more. This, in turn, is used for commerce, estimated to be a $240 billion market. Some are concerned the information gathered is being used to surveille protesters, political groups, and other influencers.
The bill was sponsored by Frank Pallone (D-NJ), House Energy and Commerce chair. If approved, it would allow people to deny companies to use their information and impose stricter restrictions on what data can be aggregated and shared with third parties.
TransUnion (a US consumer credit reporter) and UK-based RELX want lawmakers to ease the proposed data-sharing restrictions, suggesting it would hinder crime investigations. TransUnion, which owns the data broker Neustar, claims it has insights “on about 98 percent of U.S. adults” and “receives third-party data from more than 200 providers.” In April, it informed investors that it adds to its holdings each day “hundreds of millions of records” from five billion devices and two billion digital identities. The company uses the information for both fraud prevention and marketing. TransUnion Deputy General Counsel Eli Peterson wrote in an email that the company’s lobbying efforts help “ensure that fraud prevention products can continue providing meaningful consumer protections.”
Law enforcement agencies are required to get warrants to obtain digital evidence; however, they get around that by buying the information from data brokers. Michael Lamb, RELX chief privacy officer, said that the company shares its data to fight fraud, including money laundering and human trafficking. He argued that allowing people to opt out would permit criminals the same option:
“We obtain our data indirectly, and we would be subject to a blanket opt-out rule where any criminal or anyone else planning a crime is free to opt-out of these services that are really vital for law enforcement and for fraud prevention.”
Larry Cosme, a retired Department of Homeland Security agent and president of the Federal Law Enforcement Officers Association, said the bill would have an impact on criminal investigations. He explained that information gained from data brokers helped him in several cases where warrants would take too long, such as cases involving child exploitation.
(Photo by Scott Olson/Getty Images)
Privacy advocates, however, say restrictions are necessary because companies like RELX need more oversite, not exemptions. Even when used for public safety. “Law enforcement and fraud prevention shouldn’t be a free pass to collect and sell disproportionately excessive data on the whole population,” data researcher Wolfie Christl argued. In regards to RELX, he claimed the company puts the population under surveillance, and its database has “extensive personal information about almost every American citizen.”
Law enforcement agencies are not the only ones using this information, though. In 2021, three data brokers were charged by the Justice Department for selling details on elderly Americans to scammers, according to the Lawfare website. And in 2022 a murderer used a data broker to find his victim’s workplace.
While data brokers seem to have the most to lose, making them the strongest lobbyists against ADPPA, they’re not the only ones. Tech giants such as Amazon and Microsoft, nonprofits, and even drugmakers have argued against the proposed legislation.
Preemptive Provisions Upset States
While data brokers have different reasons for protesting the privacy policies, all want the House bill to keep provisions that would pre-empt state privacy laws. California is one of the largest protesters against pre-empting because it doesn’t want its laws superseded by the federal ADPPA. But activists agree that the policy should be the same across the nation to better monitor and protect citizens’ rights.
