Everything you need to know about data brokers
For data brokers, being unseen is part of the strategy. So we’re shining a light on the dangerous economy of selling YOUR data.
An alarming number of privacy violations are coming from just one sector of our digital economy. Enabled and empowered by weak privacy laws, these organizations are taking advantage of the Internet by profiting from the theft and sale of our most sensitive information. We’re not talking about cybercriminals – we’re talking about data brokers.
What are data brokers?
Data brokers are companies that profit from the exploitation of personal data. There are legitimate reasons for organizations to collect, use, and sometimes sell, personal information. For example, some websites place cookies on our computers. These are digital tokens that provide the convenience of things like remembering login information and items left in our shopping carts. Most Internet browsers give us the option of accepting or rejecting these digital tokens. In this way, we’re consenting to the collection and use of our personal information.
That said, we don’t have nearly enough control over how many organizations are using our data, and ALL of them need more scrutiny on and protective legislation over their behaviour. What separates data brokers from somewhat more legitimate organizations is that they:
Offer no tangible benefits to us as individuals despite using our data;
Use deceptive practices for collecting our information;
Conceal the fact that they’re selling it for their own profit.
For example, most social media platforms – like Twitter and Instagram – collect information about their customers. They then use this information to create and sell customized, targeted advertisements. Have you ever bought something off of Instagram or Facebook because it seemed like the perfect product for you? You have data collection to thank for being able to tailor ads to your needs and preferences.
So are these social media companies data brokers? Yes, in the sense that they’re selling access to our personal information – but not when considering that they’re providing a service that we want. We’re being offered a product we find valuable, and these companies are mostly transparent about how they make money from our data. However, not all data brokers operate with this modicum transparency — some work in bad faith.
Who are the bad faith data brokers?
So what’s an example of a bad faith data broker? Here are a few recent examples:
This company stole billions of images of our faces from the Internet — in violation of numerous privacy laws around the world — and against the policies of the companies that hosted the images, like LinkedIn, Facebook, and Twitter.
Clearview AI then compiled a database and sold access to law enforcement agencies around the world, creating a virtual 24/7 police lineup. And now they’re considering expanding into other markets, too.
What makes them a bad faith data broker? Clearview AI offers no tangible benefit to the people whose information they’ve stolen. In fact, they put us at great risk. Several Black men in the United States have already been arrested and imprisoned based on faulty matches from Clearview AI’s software.
This media company has a revenue stream based on the aggregation and sale of personal data – including information related to financial records, insurance, arrests, employment, phone, utility bills, email, social media, and more.
Thomson Reuters combines this data and sells it to whoever is interested. One of their customers is Immigration and Customs Enforcement (ICE) in the United States, which has a contract with Thomson Reuters reportedly worth more than $100 million.
ICE leverages the data they purchase from Thomson Reuters to target undocumented immigrants for detention and deporatation. Based on pushback from investors, Thomson Reuters is currently conducting a human rights assessment on this portion of their business.
Maybe you’ve never heard of the Pelmorex Corporation, but they’ve heard of you. That’s because everytime you check the weather on one of your devices, you’re giving them a little piece of data about yourself.
The Pelmorex Corporation owns a network of subsidiary companies that offer weather services, including the Weather Network. Everytime you open a weather app that comes preinstalled on an iOS or Android device, they’re likely sourcing weather data from a company owned by Pelmorex Corporation. But what kind of data are they sourcing about you?
You might be surprised to learn that the other half of the Pelmorex Corporation’s business model is selling your data, including your location. On one hand, they’re providing you with accurate weather reporting for where you live, and on the other hand, they’re taking your location data to be collected, compiled, and sold.
What are bad faith data brokers?
Bad faith data brokers, and the entire economy they operate within, undermine the rights that are essential to open, accessible, and surveillance-free Internet. By operating on the margins of the Internet economy, they’re exploiting the information we leave behind as we navigate the Internet, compiling the traces of our online behaviour, and using it in new ways that harm us.
Sometimes the damage being done by data brokers is real and tangible, like with Clearview AI and the people who had their physical freedom restricted through their faulty software – or with Thomson Reuters and the people who face deportation through their data aggregation service.
Other times, the negative impacts of data brokers is less apparent, like when the Pelmorex Corporation tracks your location and sells this information in exchange for offering free weather services. In this case, the harm might not immediately present itself.
Despite the deceptive design that conceals the way the Pelmorex Corporation makes money, we need to be aware that there is a risk to using their services. Location-based data brokers could expose people to harms, including stalking and persecution based on constitutionally protected signifiers, like religion and sexuality.
Location data is some of the most sensitive information we possess, and even in a de-identified, aggregate, or anonymized form, it still presents very real risks: a Catholic priest was recently outed as being gay by a news outlet that obtained his location data; a woman was stalked using mobility data purchased through a data broker; and many are concerned that period tracking apps could expose women to prosecution under the anticipated reversal of the Roe v. Wade decision in the United States.
Data brokers capitalize on extraction and exploitation. By undermining our ability to exercise meaningful control over our own information, data brokers are fostering an economy that operates in opposition to our fundamental privacy rights. The data economy constructs a negative vision of the Internet – one that doesn’t invoke user empowerment, creativity, and collaboration, but instead operates on secrecy, deception, and invasions of privacy. Data brokers are building an Internet that nobody wants.
How can we protect ourselves?
We’ve launched a new campaign called Stop the Harvest to take on the data broker economy.
Next, we’re going to turn the tables and begin tracking the data broker economy. If they’re keeping tabs on us, why can’t we keep tabs on them? Through the use of privacy laws, we’re going to file requests with data brokers to shed light on what kinds of information they’re collecting, and where they’re selling this data. There will be opportunities for community participation throughout this project.
Along the way, we’re going to be exploring what legal protections could be enacted to stop the bad faith data broker economy; we’ll be sharing our findings with our community and give you the chance to share these recommendations with your elected officials.
Does that sound good? Do you want to come along? Sign the petition and join us on the journey to Stop the Harvest!
Image cred: Josch13 via Pixabay