Data brokering is a legitimate business that’s understandably gained notoriety among consumers. However, many people don’t even know this industry exists and that their personal data is being collected, sold, and used for a variety of purposes.
We’ll talk more about the various ways in which your data is gathered, but you might be surprised to learn that in many cases, you’ve inadvertently given these companies your permission to collect your personal information! Think about all the times you’ve hastily selected “accept” to privacy and cookie policies.
You’d be surprised at just how valuable your data is. The data brokerage industry is extremely lucrative, generating upwards of $200 billion in revenue per year.
With billions of dollars and your privacy at stake, what makes your data such a hot commodity? And what are data brokers doing with your information? We’ll answer both of those questions in this guide.
What are data brokers?
A data broker, sometimes called an information broker, is a business that collects personal data from various sources, processes it, and sells it to individuals or companies for marketing, risk mitigation, and other purposes.
Some of the largest data brokers in the US are Acxiom LLC, Epsilon Data Management LLC, Oracle America Inc., Equifax Information Services, LLC, Experian LLC, and CoreLogic.
Different brokers operate for different reasons. For example, CoreLogic provides data to screen potential tenants for landlords and real estate companies. Brokers like Equifax and Experian process data for decision-making and marketing purposes.
How do data brokers collect information?
Data brokers typically aggregate information through what’s publicly available on the internet and by buying it from other organizations, such as credit card companies. Common avenues for data sourcing are social media sites, public records, loyalty programs, and mobile apps.
- Credit cards: Credit card networks may sell user information, such as purchase history, to data brokers who then process it and sell it to advertising and marketing agencies. The standard practice is to anonymize data through a tokenization process.
- Web browser cookies: Cookies are small text files that track and store your information as you browse the web. Data brokers purchase this information from websites enabling the cookies and may even place cookies on your browser themselves.
- Public records: Marriage licenses, arrest records, voter registrations, motor vehicle records, census data, and bankruptcy records are just a few examples of potentially publicly available information that data brokers can aggregate.
- Retailers: Both brick-and-mortar and online merchants collect, track, and share your information. One way merchants can easily identify and track you is with your store loyalty card number. Tracking your purchases can help data brokers better understand your spending habits.
- Mobile apps: You may be using a “free” app at the expense of your personal data. Some mobile apps will gather information like GPS location, birthday, interests, etc., and pass those details to data brokers.
These are just a few of the sources brokers leverage to collect information. Other data sources include (but are not limited to) banks, insurance agencies, telecom companies, other data brokers, surveys, and sweepstakes.
What are data brokers doing with your personal details?
Let’s break down what it means to collect and process data. A broker may collect your religion and smoking habits from a dating app. Then, they might gather your purchasing habits from a retailer. Independent of one another, this data may be useless, but together, paired with other pieces of information about you from other sources, these pieces of data enable brokers to create a profile of who you are.
Your data in bits and pieces is not worth anything on its own, but a complete data profile of you and your buying habits is extremely valuable to marketers, employers, landlords, banks, and others.
How data brokers sell your identity
After data brokers have aggregated your personal details, they’ll use machine learning to identify patterns and dissect this information into audience segments. These audience segments are then often sold to AdTech companies, such as Epsilon and Red Ventures, that use these groupings to market products to prospective customers.
Other types of organizations purchase data from brokers, too. According to a Business Insider report, several US government agencies, such as the FBI and the Department of Homeland Security, are clients of Venntel, a massive US-based data broker.
Despite the elusive nature of their business, data brokers don’t need to operate on the dark web to find clients. They work as registered business entities and sell your data to other companies and individuals for many different purposes.
Types of data brokers
Generally, there are four main types of data brokers: marketing/advertising, fraud detection, risk mitigation, and people search sites. Some companies intersect multiple categories. Let’s break down each of these categories of data brokers to understand their purpose:
Have you ever searched for a product and received a targeted ad for that exact product the next day? Almost everyone in the digital age has had an eerie experience where they felt like their devices were “listening” to them. How much your phone is keeping tabs on your behavior is up for debate, but the instantaneous receipt of very specific, targeted ads reflects how your searches and internet behavior can be tracked and leveraged by marketers.
Think about this: you’re on vacation, but forgot to notify your bank that you’ll be traveling. You swipe your card at a gas station fearing it will be declined. But to your surprise, the transaction is authorized. Although you did not inform your bank of your travel plans, they were able to determine that you likely made this transaction. How? By collecting your data, understanding your habits, and using algorithms, your bank was able to determine that this transaction was likely made by you even though the swipe took place in another city, state, or country. In short, data brokers working in the fraud detection space will sell your information to financial institutions, who leverage that data to better monitor your account behavior and detect fraud.
Data brokering for risk mitigation is much more common than you’d imagine. Many companies and lenders will seek out your file from a risk mitigation-oriented data broker before doing business with you. Companies like Equifax and Experian that determine your credit score are examples of data brokers focused on risk mitigation, and many other smaller organizations may “grade” or “score” you based on how your information compares to a proprietary set of parameters. These scores can help businesses determine things like whether someone will default on a loan or pay their rent on time.
People search sites
Have you ever entered your name (or someone else’s) into a people search site and been surprised by how much the site knows about you? People search sites operate by selling your data to anyone or any company who’s willing to pay. For this reason, these sites can facilitate doxxing and other criminal intents. Companies like BeenVerified and Spokeo operate in this category.
Are data brokers legal?
Most countries do not have strict (or any) laws that regulate collecting and sharing data. However, a few states, including California and Vermont, have begun implementing their own data privacy laws.
California, for example, enacted the California Consumer Privacy Act (CCPA) in 2018. Under the legislation, consumers are granted the right to request a that business disclose which pieces of their data have been collected, and the right to order that data deleted. This legislation is not exclusive to data brokers. For example, California residents can contact a company as established as Target, request that the company delete any of their stored personal information. Under the CCPA, Target must comply by law. California also has a law that requires data brokers to register with the state’s Attorney General; the registry is made publicly available.
Several other states have enacted comprehensive consumer data privacy laws, but in many states data brokers to continue to operate without strong regulation.
The EU has stricter legislation and enforcement than the US regarding data sharing. For example, last year the Norwegian Data Protection Authority announced a 100 million NOK (roughly 10 million USD) fine against dating app, Grindr, for breaching the General Data Protection Regulation (GDPR), the EU’s primary privacy and data security law.
In sum, some US state laws regulate data brokering and put data ownership back in the hands of the individual. However, many gray areas still exist due to the lack of federal legislation and the ever-evolving digital landscape of data brokering.
Keep your data secure with Privacy Virtual Cards
A large percentage of data collection is done at the POS or point of sale. And as credit or debit cards and digital wallets have become the most convenient way to pay, cash seems to become more obsolete with each day that passes. But when ditching cash, consumers tend to lose anonymity.
With Privacy.com, you can keep some anonymity while still defaulting to cashless payments. Using a Privacy Virtual Card gives you greater control over what personal information merchants collect about you during checkout.
By generating a new Privacy Virtual Card number during checkout, you can keep your card number and other personal information from getting into the hands of a merchant, who may store or fail to protect your data. Privacy will never turn over your underlying information to a merchant, so how much information is shared during the checkout process is always in your control.
Privacy Virtual Cards offer additional security features like spending controls, the ability to pause/close a card at any time, and transaction notifications. These precautions are designed to protect your financial information should a merchant experience a data breach. If you need to make a payment online but don’t fully trust the website, use a Privacy Card instead of giving our your debit card or bank account information.
It’s important to note that Privacy does not sell user data to third parties. Plus, while shopping with Privacy Cards, users can feel secure knowing that their banking information and other personal details are not shared with retailers. Privacy should be an essential part of your security toolkit when mastering how to make safe payments online.
Looking for more ways to safeguard your personal data while you shop? Sign up for Privacy today!