Have you ever wondered why you get those ads about hot pockets near you? Data and information are the gold and oil of the internet and the modern world. They fuel most companies, entities, and states and are instrumental in data- and advertisement-driven companies such as social media, marketing, and shopping platforms.


What is a data broker?

A data broker or data broker service is an individual or company that collects, analyses and processes personal information and data from various sources. The goal is to combine the data and sell the processed and categorised data to a buyer via a licensing agreement.

Categorisation and analysis of user data is done to better pinpoint, for example, what hobbies users may have, what they might want to buy, their religious beliefs, political views, etc. Data collection can also predict future trends and actions by finding patterns to form new conclusions or predictions.


Where is the data coming from?

Where do they get this data? Well, it’s not that difficult these days to find information on someone online. If I want to discover something about someone, I can manually browse their online profiles or even use OSINT (open-source intelligence) to find readily available information. Other tools and services exist to aid in gathering data, and one commonly used tool is a scraper. The data that brokers gather can be collected from various sources.

  • Public domain
    • Criminal records, public health records, social media profiles, posts, and any information you share publicly are easily accessible.
  • Other companies
    • Companies and organisations you use, such as credit card providers, banks, stores, retailers, and third-party vendors, may share your information and activities with a data broker or other service.
  • Apps, websites & services
    • An app, game, website, or service can also share your habits and information without you really knowing it. (Read the fine print when signing up for something.)

Governments may also use data brokers or similar services to get data about their citizens. Yes, you can now put on your tinfoil hat!

Sometimes, data brokers can work directly with a specific company to enhance customer data processing, exchange results, and aid with things like advertisement targeting accuracy.

Here are some examples of data that data brokers often gather:

  • Name
  • Date of birth
  • Marital status
  • Social Security number
  • Political views
  • Religious views
  • Email
  • Phone number
  • Occupation
  • Income
  • Tax level
  • Interests
  • Spending habits
  • Relatives
  • Friends

Lawfulness

Some of the most prominent data brokers are Acxiom, Equifax, Experian, Oracle Cloud Data, and Epsilon, but there are many more. Data brokers generally work within their legal limits and operate in a grey zone. They simply play by the rules and, most of the time, operate within the guidelines of laws and regulations to make a buck by collecting, analysing, and selling information.

Some countries, states, and locations have better privacy-focused laws and regulations, and it is up to data brokers to follow these laws based on the location and nationality of their users. It is also up to each different location to uphold and enforce the rules of its privacy regulations.

GDPR

GDPR is an excellent example of a win for privacy. The GDPR, which you are most likely tired of hearing about, puts pressure on companies that handle the data of European citizens to stay within specific guidelines and restrictions. For example, data brokers need consent from the user before they can share and use user data. Europeans can also request their data be removed promptly, based on the right of erasure (Articles 17 and 19 of the GDPR legislation).

CPA

In the US, it is up to each state to regulate and create legislation about the privacy of its individuals. California has the Consumer Privacy Act, CPA, which is like the GDPR law, where Californian residents can request to view and delete their data from services and companies.


The fine print

It’s all in the fine print. Signing up for a new service, app, or website will often contain terms of service, privacy policy, corporate policy and other documents you need to read and accept to use the service you initially wanted. In these agreements, there might be a line about how the website you just signed up for can collect and share your data.

The practice of intentionally hiding or lying about the fact that user data is collected and shared is, of course, illegal, and there have been quite a few cases where companies have significantly suffered from hiding the fact of their data collection.

But I’d say, moreover, that the issue lies in the complexity and vastness of the internet and also in the lack of global regulations and action taken on the part of serving up endless pages of lawyer texts to make the user just accept the terms to let them use the service they initially wanted to use. Google knows that if a page takes more than two seconds to load, the user will likely go back and try another website. When users want to create an account or access something digitally, the actions and response must be quick and efficient. So, we often just click through most checkboxes to get to the sweet, sweet cookie recipe without thinking about what we accepted in the website’s terms.

This needs to be improved by reducing the complex terms and legal texts to a more transparent and concise format, covering both the legal concept and making it easier to grasp what it means to accept or deny some terms.

Regulation regarding gathering and analysing user data is tricky, as privacy laws must be improved in the ever-evolving data-driven world. We can have less tracking, easier-to-understand terms, and a more open internet and world. But this is likely not the case; we will continue to ignore the fact that our data is being harvested and that we are just mice in a large corporate capitalist world. Put on your second tinfoil hat now if you haven’t already!



How to opt-out

Privacy laws, terms of service, and regulations make opting out of data collection practices more straightforward. If your data has been gathered, you can usually request that it be removed. You often do this by contacting the website or the data broker.

How do we know that the data has been removed? Well, we don’t. We need to trust that the companies we contact are diligent in their customer support requests, not just “removing” your data and leaving it in the trash. Insert nerdy point that stuff “deleted” from a computer isn’t deleted before it’s overwritten or corrupted. Well, to contact each company manually is a time-consuming task. I did it for a while on my own, and I’m now at the crossroads of either continuing, automating or paying for an automated removal service.

Several services and companies focus on automating the cleansing and removal of your data from these broker platforms, services and databases. Some removal companies are:

These companies automate the processes of finding and contacting the companies and brokers holding your data. Most of the time, they will also send requests to remove your data regularly. However, these companies are no silver bullet. They are sometimes quite expensive, and you need to know what information they are sharing about you with others or even data brokers!? You can only be sure that they cover some data brokers, the most essential databases, or the brokers located in your country. What happens if a data broker is requested to remove your data and they don’t have it from before? Will they highlight your name or contact details and target you specifically?


Why care?

Your sensitive data

Why should you care? Some data is always publicly available since we are stupid and social and share most of our lives online. But when it comes to private and sensitive information, it might be nice to know that not all companies know what STD you might have or your religious beliefs, among others.

Miscategorised data

Why shouldn’t you be able to control your information and data? What happens if you want to apply for a loan and the data broker that the bank used for auditing your information and habits miscategorised you as a drug addict, having bad spending habits, gambling or something else that makes you not applicable for that loan?

Data breaches

What happens if a data broker, like Equifax, gets hijacked or compromised? Then, all your data might be up for grabs or used in another attack on your other accounts. A lot of personal information is still used to verify your identity; someone with this information could use it to impersonate you.


What should I do?

So what can you do? As stated, hide in the forest and put on your third tinfoil hat! No, but here are some suggestions:

  • Don’t share everything online.
  • Remove old accounts and services you no longer use.
  • You may sign up for services and apps with fake aliases or details not actually connected to you, such as Bob Smith. (Do be careful with this, impersonation is kinda sus.)
  • Consider contacting websites, services and data brokers and requesting that they remove your data.
  • Consider using an automated data removal service like the ones listed above.
  • Read the terms of service and other agreements more diligently. Yes, I know they are long, but there is one tool that makes it easier to both understand and view each terms of service agreement, called Terms of Service; Didn’t Read.

Conclusion

Yes, you should move out into the woods and make tinfoil hats, stay off the grid, and be a nomad. But no, try to be more selective about what you share and what services you use, and try to understand what you accept and agree to regarding the services you use.

It’s also a bit hypocritical that we are searching for products to remove our information, information that most likely has come from our online presence. Yes, as I mentioned, there are other data, such as from vendors, apps, and services, but a lot of data is publicly available.

The need for better internet hygiene, not sharing everything and improving and reading the terms of service is key to not being on each data broker’s database.
