Privacy & Cybersecurity Law Blog

On December 18, 2012, the Federal Trade Commission issued Orders to File Special Report (the “Orders”) to nine data brokerage companies, seeking information about how these companies collect and use personal data about consumers. In the Orders, the FTC requests detailed information about the data brokers’ privacy practices, including:

• the data brokerage companies’ online and offline products and services that use personal data;
• the sources and types of personal data the data brokerage companies collect;
• whether, and how, the companies acquire consumer consent before obtaining, collecting, generating, deriving, disseminating or storing the personal data;
• whether, and how, the personal data is aggregated, anonymized or de-identified;
• how the companies monitor, audit or evaluate the accuracy of the personal data they obtain;
• if, and how, consumers are able to access, correct, delete or opt out of the collection, use or sharing of the personal data the data brokerage companies maintain about the consumers;
• how the data brokerage companies provide notice to consumers about their data privacy practices;
• the advertisements or promotional materials the companies use to describe their products and services; and
• information about any complaints or disputes, or governmental or regulatory inquiries or actions, related to the companies’ data privacy practices.

In March 2012, the FTC issued a privacy report featuring recommendations on how companies that use consumer data should build privacy considerations into their practices, including specific recommendations directed at behavioral advertising, mobile privacy, data brokers and large platform providers. The FTC’s report encouraged continued development of industry self-regulatory codes of conduct.

The Orders mark the third time this year federal policymakers have focused an inquiry on data brokers. On October 9, 2012, Senate Commerce Committee Chairman Jay Rockefeller (D-WV) issued letters to nine companies, and on July 24, 2012, members of the House Privacy Caucus, led by Reps. Joe Barton (R-TX) and Ed Markey (D-MA), sent letters to nine companies; in both instances the authorities requested information very similar to that requested by the FTC. The companies at issue differed in each case, with some companies subject to multiple requests, but none of the inquiries involved accusations of wrongdoing. Rather, the inquiries have been cast as attempts to better understand the role of data brokers with respect to consumer privacy.

The companies have until February 1, 2013 to submit their responses to the FTC’s Orders.