Lawmakers Continue to Query Data Brokers About Collection, Use of Consumer Data

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

Reps. Edward Markey (D-Mass.) and Joe Barton (R-Texas) continued questioning representatives from the data broker industry about their information collection and use practices at a Dec. 13 bipartisan congressional briefing, expressing particular concern with the collection of information from children.

The “era of data keepers” has transitioned into an “era of data reapers,” Markey remarked.

Markey and Barton, who are co-chairmen of the bipartisan House Privacy Caucus and members of the House Energy and Commerce Committee, hosted the briefing. It featured data broker industry representatives, two Federal Trade Commissioners, and privacy advocates.

On July 25, eight lawmakers, including Markey and Barton, sent letters to nine major data brokers, asking them to provide details about how they collect, compile, and sell consumer information to third parties (11 PVLR 1207, 7/30/12). Rep. Henry Waxman (D-Calif.), ranking member of the committee, also participated.

The bipartisan group of House lawmakers said Nov. 8 that responses from the companies only provided a “partial glimpse” into the data broker industry and left many questions unanswered (11 PVLR 1680, 11/19/12).

Representatives from seven of the nine companies attended the briefing, including Acxiom, Epsilon, Equifax, and Experian.

FTC Chairman Jon Leibowitz called data brokers “invisible data catchers.” Although data brokers can do “a lot of good,” they often have no interface with consumers, he said. He noted that the FTC's March consumer privacy report called for more transparency by data brokers, as well as targeted legislation (11 PVLR 590, 4/2/12).

FTC Commissioner Julie Brill recognized that some companies already provide consumers with notice and choice tools about their data collection and use practices. “But consumers don't know how to get to them,” she said.

“We're not anti-ad, [and we're] not even anti-targeted advertising if it's knowing,” Barton said, noting that the problem with data collection and use occurs when individuals are unaware of such collection and use.

Many of the data broker representatives said that defining the term “data broker” is key and emphasized that the definition depends on the use of data. “We all process data,” Jim Adler, vice president of data systems and chief privacy officer at Intelius, said. “It comes down to what you do with it.”

Leibowitz: COPPA Rule Update Is Imminent.

Dealing with websites protected by the Children's Online Privacy Protection Act and children is “a different calculus,” Leibowitz said. “Parents need to be the gatekeepers for collecting information from children,” he added.

Leibowitz anticipates that the FTC will release its updated COPPA Rule by the end of the week of Dec. 17 and “definitely before the end of the year.” The FTC first sought comments on proposed amendments to the COPPA Rule in September 2011 (10 PVLR 1327, 9/19/11) and asked for input on additional proposed modifications in August (11 PVLR 1225, 8/6/12).

Jerry Cerasale, senior vice president of government affairs at the Direct Marketing Association, remarked that many of the companies present at the briefing “do not knowingly have information on children and do not market to children.”

Jeff Chester, executive director of the Center for Digital Democracy, underscored the lack of protection for teens. COPPA's protections only apply to individuals under the age of 13.

Brill noted the FTC staff's “troubling findings” in its follow-up report on mobile applications and children's privacy (see related report in this issue). For example, the staff found that 60 percent of the apps were providing information to third parties, she explained.

Markey said that he intends to reintroduce “The Do Not Track Kids Act” (H.R. 1895), which was first announced in 2011 and would amend COPPA (10 PVLR 772, 5/23/11), in the next Congress.

Where to Draw the Line?

Brill also highlighted the need to address particularly sensitive information, as well as categories of data that just barely fall outside of a statute's coverage.

Health information, she said, is protected in “fairly limited circumstances,” and those protections are “not focused on the new age of technology.” She said there is a need to identify “sensitive areas that are HIPAA [Health Insurance Portability and Accountability Act]-like pieces of information but are not covered by HIPAA.”

Another area of potential concern is where to draw the line with the applicability of the Fair Credit Reporting Act, and in particular, its applicability to e-scores, Brill said. An e-score, also known as a propensity score, indicates whether a consumer would be interested in a particular business, according to Tony Hadley, senior vice president of government affairs and public policy at Experian.

By Katie W. Johnson  

Request Bloomberg Law: Privacy & Data Security