Reps. Edward Markey (D-Mass.) and Joe Barton (R-Texas) continued questioning
representatives from the data broker industry about their information collection
and use practices at a Dec. 13 bipartisan congressional briefing, expressing
particular concern with the collection of information from children.
The “era of data keepers” has transitioned into an “era of data reapers,”
Markey and Barton, who are co-chairmen of the bipartisan House Privacy Caucus
and members of the House Energy and Commerce Committee, hosted the briefing. It
featured data broker industry representatives, two Federal Trade Commissioners,
and privacy advocates.
On July 25, eight lawmakers, including Markey and Barton, sent letters to
nine major data brokers, asking them to provide details about how they collect,
compile, and sell consumer information to third parties (11 PVLR 1207, 7/30/12).
Rep. Henry Waxman (D-Calif.), ranking member of the committee, also
The bipartisan group of House lawmakers said Nov. 8 that responses from the
companies only provided a “partial glimpse” into the data broker industry and
left many questions unanswered (11 PVLR 1680, 11/19/12).
Representatives from seven of the nine companies attended the briefing,
including Acxiom, Epsilon, Equifax, and Experian.
FTC Chairman Jon Leibowitz called data brokers “invisible data catchers.”
Although data brokers can do “a lot of good,” they often have no interface with
consumers, he said. He noted that the FTC's March consumer privacy
report called for more transparency by data brokers, as well as targeted
legislation (11 PVLR 590, 4/2/12).
FTC Commissioner Julie Brill recognized that some companies already provide
consumers with notice and choice tools about their data collection and use
practices. “But consumers don't know how to get to them,” she said.
“We're not anti-ad, [and we're] not even anti-targeted advertising if it's
knowing,” Barton said, noting that the problem with data collection and use
occurs when individuals are unaware of such collection and use.
Many of the data broker representatives said that defining the term “data
broker” is key and emphasized that the definition depends on the use of data.
“We all process data,” Jim Adler, vice president of data systems and chief
privacy officer at Intelius, said. “It comes down to what you do with it.”
Dealing with websites protected by the Children's Online Privacy Protection
Act and children is “a different calculus,” Leibowitz said. “Parents need to be
the gatekeepers for collecting information from children,” he added.
Leibowitz anticipates that the FTC will release its updated COPPA Rule by the
end of the week of Dec. 17 and “definitely before the end of the year.” The FTC
first sought comments on proposed amendments to
the COPPA Rule in September 2011 (10 PVLR 1327, 9/19/11) and asked for input on
modifications in August (11 PVLR 1225, 8/6/12).
Jerry Cerasale, senior vice president of government affairs at the Direct
Marketing Association, remarked that many of the companies present at the
briefing “do not knowingly have information on children and do not market to
Jeff Chester, executive director of the Center for Digital Democracy,
underscored the lack of protection for teens. COPPA's protections only apply to
individuals under the age of 13.
Brill noted the FTC staff's “troubling findings” in its follow-up
report on mobile applications and children's privacy (see related report
in this issue). For example, the staff found that 60 percent of the apps
were providing information to third parties, she explained.
Markey said that he intends to reintroduce “The Do Not Track Kids Act” (H.R.
1895), which was first announced in 2011 and would amend COPPA (10 PVLR 772,
5/23/11), in the next Congress.
Brill also highlighted the need to address particularly sensitive
information, as well as categories of data that just barely fall outside of a
Health information, she said, is protected in “fairly limited circumstances,”
and those protections are “not focused on the new age of technology.” She said
there is a need to identify “sensitive areas that are HIPAA [Health Insurance
Portability and Accountability Act]-like pieces of information but are not
covered by HIPAA.”
Another area of potential concern is where to draw the line with the
applicability of the Fair Credit Reporting Act, and in particular, its
applicability to e-scores, Brill said. An e-score, also known as a propensity
score, indicates whether a consumer would be interested in a particular
business, according to Tony Hadley, senior vice president of government affairs
and public policy at Experian.
By Katie W. Johnson
To view additional stories from Privacy & Data Security Law Resource Center™ register for a free trial now