Feds vs Data Brokers

In the struggle for privacy, data brokers have come under intense scrutiny. Whether being breached and leaking info or just as a business with few scruples, Data brokers have been revealed as a pervasive and largely unregulated industry that trades in the sensitive personal information of millions of Americans, and billions globally. These entities collect, aggregate, and sell data ranging from precise geolocation to personal health details, often without individuals' explicit consent. This practice poses significant risks to privacy and civil liberties. This has prompted federal agencies to take decisive action against data brokers’ exploitative activities.

The Role of Data Brokers

Data brokers harvest either by (scraping or through purchase) vast amounts of personal information from various sources, including mobile apps, public records, online transactions, and even government agencies like the DMV. They compile detailed profiles that reveal intimate aspects of individuals' lives, such as their daily movements, health conditions, religious affiliations, and political activities. This information is then sold to third parties, including advertisers, employers, and even government agencies (they buy from and then sell back to…just wow), often without the knowledge or consent of the individuals concerned.

Federal Trade Commission's Crackdown

The good news, the Federal Trade Commission (FTC) has intensified its efforts to curb the unauthorized collection and sale of sensitive data. In December 2024, the FTC took action against several data brokers, including Gravy Analytics, Venntel, and Mobilewalla, alleging that these companies unlawfully tracked and sold sensitive location data. 

The FTC's complaints highlighted that these firms collected precise geolocation information, which could identify individuals' visits to sensitive locations such as healthcare facilities, places of worship, and military bases. The proposed orders prohibit these companies from selling or sharing such sensitive data and mandate the implementation of comprehensive privacy programs to protect consumer information.

Consumer Financial Protection Bureau's Proposed Rule

Backing the FTC's actions, the Consumer Financial Protection Bureau (CFPB) proposed new regulations aimed at limiting data brokers' access to Americans' personal financial information. The proposed rule seeks to classify data brokers as consumer reporting agencies, thereby subjecting them to stricter regulations under the Fair Credit Reporting Act (FCRA). This move is intended to enhance national security and public safety by preventing the sale of personal data to malicious actors, including scammers and foreign adversaries. 

Keep in mind this is a proposal and implementation (based on past efforts) wouldn’t be until 2026, if the new administration doesn’t change the priorities and shut the whole thing down.

Federal Communications Commission's Enforcement

The Federal Communications Commission (FCC) has also taken steps to address privacy violations by major wireless carriers. In April 2024, the FCC fined leading U.S. wireless providers, including AT&T, Verizon, T-Mobile, and Sprint, a total of $200 million for illegally selling customer location data without consent. The carriers were found to have sold real-time location information to data brokers, who then resold it to third parties, compromising consumer privacy and security.

What’s the rub? The $200 million fine represents a minimal percentage of each company's annual revenue—ranging from approximately 0.046% to 0.076%. If distributed equally among all subscribers, each would receive about $0.50, underscoring the relatively small financial impact of the fine on the companies. I wouldn’t be surprised if the customers find themselves paying some extra small fee somewhere in their contract to compensate the companies for the minimal loss of revenue.

Implications for Privacy and Security

The unregulated sale of sensitive personal data by data brokers risks to individual privacy and national security. This data can (and will) be exploited for malicious purposes, including identity theft, stalking, and unauthorized surveillance. Moreover, the availability of detailed location data can endanger vulnerable populations, such as victims of domestic abuse seeking shelter or individuals visiting sensitive locations. The actions taken by federal agencies underscore the urgent need for comprehensive data privacy regulations to protect consumers from exploitation and abuse.

Conclusion

The recent enforcement actions by the FTC, CFPB, and FCC represent critical steps toward reining in the unchecked practices of data brokers. However, addressing the complex challenges posed by the data brokerage industry requires ongoing vigilance and robust regulatory frameworks. As technology continues to evolve, so too must the strategies to safeguard personal information, ensuring that privacy rights are upheld, and national security is protected.

Ultimately, for the near future, individuals will need to take steps to safeguard themselves. That means you will have to engage and opt out of the data broker intelligence cycle by either working with companies like Deleteme, or doing it yourself through such open-source options as the privacy project. Or you can contact me and we can discuss what your specific concerns and needs are to build a plan that best matches your security needs.