May 27, 2014 · 4 minutes

It doesn't cost much to learn the spending habits, medical histories, and political affiliations of thousands of people. That information is bought and sold by data brokers every day, and used by other companies for targeted advertisements, harassing phone calls, and general snooping. As Pando's Yasha Levine points out, the private sector's data collection is about as scary as the federal government's, despite arguments that corporations can't put "warheads on foreheads."

Now the Federal Trade Commission argues that data brokers should be more transparent in their dealings, and that consumers should have "greater control over the immense amounts of personal information about them collected and shared by data brokers." The agency has asked Congress to consider legislation that would make those changes and, maybe, allow consumers to go about their lives without worrying that their every move is being recorded in a database.

The FTC's report focuses on many of the things that privacy advocates have complained about for years: that collecting so much consumer data can lead to discrimination against certain groups of people, and that giving so much information to private companies poses a serious security problem. Given the number of data breaches and security scandals revealed over the last year, the agency lags behind the rest of the world in thinking that it's time for a change.

Still, it's refreshing to see that the FTC can take time to ask a do-nothing Congress for support in protecting consumers from companies they've never heard of, even though those companies know if someone is pregnant, what medications they are prescribed, and the books they read. Perhaps the confluence of ineptitude will eventually distort itself into some meaningful reform.

Reactions from around the Web

The Wall Street Journal describes some of the FTC's recommendations:

The FTC said Congress should require the creation of an Internet portal where data brokers can identify themselves, describe the data they collect about consumers, and give consumers the opportunity to opt-out of data collection.

The FTC also said data brokers should also be required to tell consumers if they are inferring conclusions based on raw data—for example, if a broker collects Internet and offline data to deduce that a person is "financially challenged" or at risk for a certain disease.

Bloomberg Businessweek names some of the data brokers implicated by the FTC's report:

The agency in 2012 told nine companies to provide information about their practices. Besides Acxiom and CoreLogic, the other companies receiving FTC orders in 2012 were Datalogix Inc., eBureau LLC, ID Analytics Inc., Intelius Inc., Peekyou LLC, Rapleaf Inc. and Recorded Future Inc.

The Hill describes the government's other efforts to curb data collection:

In addition to the FTC, other arms of government have also focused on brokers’ use of data in recent weeks and months.

This month, a White House report on the broader concerns about companies using vast quantities of information, known as “big data,” which can make it easier to discriminate against consumers for one reason for another.

Pando weighs in

On the sheer size of the data brokerage industry:

There are thousands of data brokers operating today. The industry churns through somewhere around $200 billion in revenue annually. Together, these companies have detailed information on just about every adult in Europe and North America.

They comb every possible source of digital information: Internet activity is monitored and mined through cookies and third-party trackers; transaction records are bought in bulk from retailers and analyzed; public records and social networks are scoured and scraped. What kind of books did you read? What kind of prescription drugs did you buy? Make political contributions? Married? Pregnant? When’s your due date? Watch political documentaries or donate to environmental groups? Or maybe duck hunting shows are more your thing?

On the increasing rate at which large-scale attacks against data-gathering companies occur:

Given the frequency with which these breaches are occurring, it seems that having to change passwords for at least one website every few weeks is going to become the new normal. In the meantime, hackers are able to get away with personal information that isn’t quite so easily changed, such as someone’s name and physical address. Having to change some passwords isn’t fun — having to live with the fact that someone has all of this other information is even worse.

On the FTC's inability to introduce a text-to-911 network across the United States:

This is the agency we’re supposed to trust with the Internet. If it can’t create a decent system for text messaging emergency dispatchers, how is it supposed to regulate something that affects essentially every industry, hundreds of millions of people in the United States, and several billion around the world? While you go ponder that, I’ll be sending smoke signals to the fire department to get this cat out of my tree.

[Image courtesy redjar]