Privacy & Cybersecurity Law Blog

On July 24, 2012, a bipartisan group of eight members of Congress sent letters to nine major data brokerage companies requesting information on how the companies collect, assemble and sell consumer information to third parties. Representatives Ed Markey (D-MA) and Joe Barton (R-TX), who serve as co-chairmen of the Bipartisan Congressional Privacy Caucus, are leading the inquiry. The Privacy Caucus, which is an ad hoc group rather than a formally constituted congressional committee, is comprised of members who have a common interest in privacy issues. The Caucus cannot call formal hearings, compel production of materials or pass legislation.

At issue are data brokers’ privacy practices with respect to their collection and aggregation of online and offline information about individuals’ financial, retail and recreational activities. The brokers sell detailed consumer profiles created using this information to third parties such as airlines, banks, credit card issuers and retailers for various purposes, including marketing. The lawmakers’ letters state that data brokerage “has grown into a multiple billion dollar industry” and that “[b]y combining data from numerous offline and online sources, data brokers have developed hidden dossiers on almost every U.S. consumer.”

The legislators have given the data brokers until August 15, 2012, to respond to their inquiry, which includes questions regarding:

• Entities that have provided consumer data to the data broker
• Types of consumer data collected and methods by which the data broker collected them (such as social networking and mobile phone activity)
• Products and services offered by the data broker to third parties
• Whether consumers can access, correct, opt out of sharing, or request deletion of the data held by the data broker, and whether the data broker charges fees for these services
• How the data broker stores each type of consumer data collected and what security measures are used to protect the data
• Whether the data broker provides notice to consumers about data collection practices
• Whether the data broker compiles and sells information about children and teenagers

The letters also ask the data brokers to state whether their products, services or business practices subject them to the Fair Credit Reporting Act. In June 2012, the data broker Spokeo reached a settlement agreement with the Federal Trade Commission over consumer data collection and sharing practices that the FTC alleged effectively made Spokeo a consumer reporting agency that failed to comply with applicable FCRA requirements.