WASHINGTON, D.C. -- Within the World Wide Web, lies a whole world of information.
“We worried about hackers,” said University of Maryland professor Jennifer Golbeck, “but we didn't worry about essentially ‘surveillance capitalism’ – companies that make money by collecting data about us and selling it to other people.”
Those companies are known as “data brokers.” They operate with little oversight, but collect thousands of pieces of data about you every day.
What could it include?
If you have a store loyalty card – they know what you buy.
If you have an app – they can track your location and what websites you visit.
Credit reports, real estate transactions, job applications: all can be compiled by data brokers to paint a picture of who you are.
They don’t have to tell you about it and it’s all perfectly legal.
Prof. Golbeck specializes in data privacy at University of Maryland’s College of Information Studies and has looked at the way data brokers operate.
“For data brokers, in particular, people have tried [to find out what they know] and most of the time they won't share it because that's their product. The thing that has a value is all that data. So, they don't want to give it away,” she said. “It's their data. It's about you. And that, I think, is really the fundamental problem with how we think about data in the U.S. It is my data. It's information about me. But I don't have a right to it. I don't own it here.”
That is not the case in Europe, where the European Union enacted the “General Data Protection and Regulation” law in 2018. It regulates the processing of personal information and data and allows consumers to request a copy of the data collected about them – similar to the way people in the U.S. can get a copy of their credit report. Privacy experts say that’s what makes the need for federal oversight of data brokers so critical.
“Ultimately, this is not a ‘David versus Goliath’ situation. It is not something that consumers can solve on their own,” said Alan Butler, senior counsel for the Electronic Privacy Information Center (EPIC) in Washington, D.C.
This month, Sen. Kirsten Gillibrand (D-New York) introduced the “Data Protection Act of 2020.” Among other things, it would create a federal “Data Protection Agency” that would protect consumers and monitor where their data goes and how it’s used.
“I think what we've seen over the past 10 years is an increase really an epidemic of data breach in this country. And that's really the result of the amassing of so much personal information in given places,” Butler said. “Really, we need laws that limit and control the collection of personal information rather than our current situation.”
California recently enacted a stronger data privacy law within that state: the California Consumer Privacy Act, which allows people to learn what data is being collected about them and allows them to opt out of having their data sold. Experts believe that law could end up having a cascading effect and spread to other states, but a federal law would be the only way to guarantee those protections to all Americans.
In the meantime, experts say in order to protect yourself, install a tracker blocker on your phone and browsers and set all your online settings to private.