FTC orders "data brokers" to disclose operations information
In the name of privacy, feds poke into data companies' business
The Federal Trade Commission this morning issued orders to nine companies it designated as “data brokerages” to provide detailed information about their business practices so the agency can undertake an investigation of privacy practices in the direct marketing industry.
The data brokers, which FTC defines as “companies that collect personal information about consumers from a variety of…sources and resell the information,” must divulge the nature and sources of consumer information they collect; how they use, maintain, and disseminate it; and the extent to which consumers can access it. The nine companies receiving the edicts were Acxiom; CoreLogic; Datalogix; eBureau; ID Analytics; Intelius; PeekYou; Rapleaf, and Recorded Future.
In a press release announcing the orders, the FTC allowed that data sharing can benefit both consumers and the economy, such as in the area of fraud prevention. However, in a March 2012 report titled “Protecting Consumer Privacy in an Era of Rapid Change,” the agency stated that it would address the “invisibility of, and consumers' lack of control over, data brokers' collection and use of consumer information.” The Commission stated, too, that it supports legislation that would give consumers access to personal information held by data brokers.
“When we issued the framework, we talked a about the need for greater transparency at many points in the ecosystem. One of the areas we identified was data brokerages,” says FTC Commissioner Julie Brill. “[These orders] will let us obtain information on all aspects of data collection and use to learn what choices are given to consumers.”
The Direct Marketing Association reacted to this morning's FTC announcement by with a statement expressing confidence that “any such inquiry will highlight the responsible use of consumer information by data-driven marketers.” The DMA's SVP of Government Affairs Jerry Cerasale points to the Digital Advetising Alliance's ad icon program that allows consumers to obtain a list of all participating companies using behavioral data to target them online. Consumers can use the list to opt-out en masse.
“People who use consumer data for unethical reasons—we will go after them,” Cerasale says. “One of the mainstays of DMA's ethical guidelines is that consumer data can only be used for marketing purposes.” Article 32 of this DMA document (obtainable at www.the-dma.org under “Corporate Responsibility”) states that consumer data that may be considered “sensitive and/or intimate should not be disclosed, be displayed, or provide the basis for lists made available for rental, sale, or exchange” when there is reasonable expectation by the consumer that it would be kept private.
Brill agrees that industry, and not government, should provide a solution for consumers to address privacy concerns. “I have had very good conversations with DMA about this issue and urge marketers to help us address and solve this problem,” she says. Brill feels that, though there are technical obstacles to overcome, direct marketers would do well to get the process started to address consumers' privacy concerns.
Consumer watchdog groups, meanwhile, see more intense government regulation of data as the only answer. “We would like to see greater transparency and control over the data broker industry. We need to create new reforms for opt-ins regarding the sharing of all personal and behavioral information,” says Jeff Chester, director of the Center For Digital Democracy, which along with the U.S. Public Interest Research Group has been lobbying Congress for tighter regulations on consumer privacy issues. “These companies use race, geography, and income data to target people. They have gone too far. They are intoxicated by Big Data.”
Tiffany George, an attorney in the FTC's Division of Privacy and Identity Protection said that the information received from data brokers would be used to craft a report on data brokerages to be issued later next year. Data companies singled out by FTC must comply with their orders by February 1, 2013.
Only one of several data companies contacted by Direct Marketing News provided a reaction to having received the FTC order. “We look forward to cooperating with the FTC,” said Jennifer Barrett Glasgow, Acxiom's Chief Privacy Officer, in a written reply. “Acxiom has a long history of proactively engaging with regulators and the public to clarify common misunderstandings about our business practices. As such, we consider this request as an avenue to promote a better understanding of why what we do is vital for the American economy as it creates enormous value for people and businesses while respecting and protecting consumers interests.”