Data brokers’ use of big data leads to questions about how best to protect consumers.
The Federal Trade Commission (FTC) recently issued a report that examines the U.S. data broker industry. The report highlights the lack of transparency around data brokers’ practices and explains why such practices are of concern from a consumer protection standpoint.
The FTC defines data brokers as “companies whose primary business is collecting personal information about consumers from a variety of sources and aggregating, analyzing, and sharing that information…for purposes such as marketing products, verifying an individual’s identity, or detecting fraud.” In other words, data brokers are not consumer facing; consumers may not even be aware of their existence. As FTC Chairwoman Edith Ramirez has put it: “You may not know them, but data brokers know you.”
The first concern expressed in the FTC report is the sheer scale and scope of the data collection conducted by data brokers. The second concern relates to the first and involves the mining of these data troves by data brokers to create rich profiles of consumers – such as “financially challenged” and “diabetes interest” – for marketing purposes. The creation of consumer profiles leads to the FTC’s third concern: the use of data profiles to draw adverse inferences about consumers, with the potential to lead to what the White House recently termed ”digital redlining.” Digital redlining occurs when a company uses data to discriminate against consumers by charging them more for goods and services based on their socio-economic profile.
The FTC makes several recommendations in its report, including those for legislation and self-regulation. The legislative recommendations are nuanced and are tailored to the kind of data broker involved. However, the overarching FTC goal is “legislation that would enable consumers to learn of the existence and activities of data brokers and provide consumers with reasonable access to information about them held by these entities.”
To operationalize this goal in the marketing arena, the agency recommends that Congress consider creating an online portal that would describe, among other things, the types of information that data brokers maintain and how consumers can opt out of certain uses or sharing of their data.
The recommendations on self-regulation include calls for industry measures that would push data brokers to “refrain from collecting information from children and teens, particularly in marketing products” and “to ensure that downstream users of their data do not use it for eligibility determinations or for unlawful discriminatory purposes.”
Although the Commission voted unanimously to issue the report, Commissioner Joshua D. Wright – a Republican – made some interesting observations in footnotes, many of which touch on cost-benefit analysis. For example, in response to the call for Congress to consider legislation that would provide for consumer access to the information collected by marketing data brokers, Wright noted that he “does not believe that at this time there is enough evidence that the benefits to consumers of requiring data brokers to provide them with the ability to opt out of the sharing of all consumer information for marketing purposes outweighs the costs of imposing such a restriction.”
Industry reaction to the report struck a similar vein. For example, the Direct Marketing Association notes that “after thousands of pages of documentation submitted over the two years of thorough inquiry by the FTC, the [Commission’s] report finds no actual harm to consumers, and only suggests potential misuses that do not occur.”
The FTC report is the latest in a series of reports examining the data broker industry and big data more broadly. It follows on the heels of a White House report and a Senate Commerce Committee report that touch on the role data brokers play in an era of big data. The White House, in particular, acknowledges the benefits of big data, observing that, “properly implemented, big data will become an historic driver of progress, helping our nation perpetuate the civic and economic dynamism that has long been its hallmark.” Still, both the White House and the Senate committee recognize that big data brings with it a responsibility to use it in a way that does not harm consumers.
So how might cost-benefit analysis play out in the data broker context specifically, and in the big data context more generally? The benefits of big data itself are easily enumerated and are acknowledged in the Senate, the White House, and the FTC reports. For example, the FTC report states that “data broker products help to prevent fraud, improve product offerings, and deliver tailored advertisements to consumers.”
But what about the benefits of data broker regulation? The answer to this question in many ways pivots on the consumer harm such regulation seeks to prevent — and how that harm is defined and measured. There are those who define “harm” in narrow monetary terms and believe this definition is appropriate because it is both objective and quantifiable. However, there are others, such as Professor Paul Ohm, who argue that “nonmonetary harm abounds online” and that regulators ought to be able to address those harms – even if they are more subjective in nature – provided that the harms are non-trivial.
The debate surrounding how to regulate big data is set to continue, both within the data broker context and beyond. The big data era is still in its infancy. In 2011 alone, 1.8 trillion gigabytes of data were created – a volume of information equivalent to every U.S. citizen writing three tweets per minute for almost 27,000 years. And experts predict that the total amount of data will double every two years from here on out.
Applying cost-benefit analysis and developing regulation in this context will be challenging, and it will be important to get it right from the beginning.