How much is your personal data worth?
The growth of the online world has fueled a data explosion.
Every second of the day, every day of the year, a massive stream of data flows through the global Internet and much of that information is personally identifying in ways that many of us are unaware.
How that data is collected, distributed, and used is now receiving greater scrutiny, yet the sheer number of companies who gather personal information and the amount they can access is far ahead of current controls to protect the privacy of identifying information.
At the forefront of the data gathering industry are data brokers, for-profit companies who collect publicly available information online.
They collect names, addresses, the precise map location of your home, income statistics, browsing habits, and social media connections.
Then they resell it, sometimes to other brokers, but more often to businesses who use that information to target users with Internet-based ads.
Some of the largest players in the data broker space include companies such as Acxiom, Experian, Intelius, Epsilon, and Datalogix.
Several years ago, Acxiom claimed that their database holds 1500 points of information per person.
The sources of data available to information gathering firms are vast.
One of the richest troves can be found in government records, which makes a range of information available ranging from voter registration data to tax payment history and details of home ownership.
Like many large firms today, data brokers have experienced breaches and had their data stolen. Since 2011, five of the largest data brokers have been hacked, including Epsilon who lost the names and addresses of 60 million users.
No government regulation on data mining
Responding to rising consumer concern, the Federal Trade Commission (FTC) conducted their own investigation of data brokers and issued a report in 2014.
The agency found that data brokers were collecting information on virtually every U.S. citizen and called on Congress to pass legislation which will regulate the industry.
Although a number of bills have been introduced, so far no legislation has been passed.
The collection of personally identifying information is not merely limited to powerful data brokers. Social media sites are data gatherers themselves and one of the leaders in this regard is Facebook.
Every action by the social media giant’s 2 billion users is logged into Facebook’s vast network of servers.
This data includes everything from what a user likes and tags to posted comments about world events.
Do you use Instagram or WhatsApp on your mobile device? Since both are owned by Facebook, they collect all of that data too.
Facebook is also a buyer of additional information from data brokers.
A recent story by ProPublica disclosed that the company relies on data brokers to collect information about users’ mortgages, shopping preferences, and the kind of cars they like to buy.
A major reason for Facebook’s interest in collecting this personal information is to enhance what they can offer to advertisers.
Marketers will pay top dollar if the social media firm can place their ads in front of the audience they desire and data makes all of this possible.
Google still rules in gathering your information
Despite the use of data-mined information by major websites such as Facebook, Google has historically been one of the few big players to hold the line on user privacy.
When the search firm bought DoubleClick (an advertising network) nine years ago, they kept personal names separate from the vast trove of web browsing records obtained in the acquisition.
This means that Google now reserves the right to compile a view of every user by name, populated with information mined from each personal email, search activity, or website visited.
DoubleClick’s tracking technology is estimated to be in use for half of the top 1 million global websites.
Another use of personal data involves major data mining companies who have formed partnerships with many of the large, popular social media sites.
Your data helps law enforcement track you
These relationships came to light recently when Geofeedia, a location-based analytics platform, was found to be supplying law enforcement agencies with their technology to monitor protesters in communities across the U.S. based on the geographical location of their posts.
As it turns out, the company had access to major data flows from Facebook, Twitter, Instagram, and YouTube, which they then provided to police departments and private companies.
Although what Geofeedia did was not illegal, a recent report from the American Civil Liberties Union (ACLU) indicated that Facebook, Twitter and Instagram have ended the company’s access to data feeds of public posts after this information emerged.
In emails documented by the ACLU, Geofeedia claimed to have over 500 clients for their social media monitoring platform.
One of their customers was a public school district in Chicago which used the tool to monitor the activities of its students.
The news surrounding Geofeedia has also brought renewed scrutiny of In-Q-Tel, the CIA’s venture capital firm. Geofeedia received investment funding from In-Q-Tel, who has also provided financing to other social media data mining companies such as Dataminr, PATHAR, and TransVoyant.
PATHAR’s data mining product is also being used by the FBI.
It’s not just the government that is relying on data mining companies to supply them with detailed information about individual activities.
What is Spokeo?
Spokeo, a ten-year-old data mining firm based in Pasadena, California, has built its business on software that can aggregate personal profile information based on searches of public records, white page information, and social media usage.
Spokeo recently expanded its portfolio of services to now include a new set of searches for business clients. Called “Spokeo At Work,” the service offers companies online and offline data that can be used to vet candidates for open job positions.
The company’s decision to offer this service to employers comes in the aftermath of a major decision by the United States Supreme Court last spring.
In Spokeo v. Robins, a Virginia man had sued Spokeo for violation of federal law because they had provided a potential employer with inaccurate information about his age, marital status, and education. The court held that consumers must prove a “concrete injury” to claim a violation of federal law, thus supporting Spokeo’s ability to provide this kind of information for background checks.
Spokeo’s profiles are remarkably detailed. Individual listings posted publicly online include the names of relatives (including children) and a precise location on a satellite photo map of the person’s home.
The company has been diligent about honoring individual requests to have personal information removed from their database, providing an online link that makes it fairly easy to do so.
But their sophisticated search tools are constantly scanning millions of records and several users contacted for this story who requested deletion of their files, reported that their names and personal information usually reappear again approximately six months later based on any local government-involved transaction, such as the purchase of a new home.
How can I keep my personal data to myself?
There are ways that users can control the collection and sale of personally identifying information by data brokers or people search firms, but it takes time and is not always easy.
As in the case of information gathered by Spokeo, information can be removed one week but then replaced with new details a week later as web crawlers and other online data search tools constantly gather new material.
StopDataMining.me provides an online resource for people who are concerned about the acquisition of their information by data brokers and other firms. They also include a tracking list of the top 50 data brokers with links to where users can “opt out” of having their personal information collected.
Some of these links will access pages which are fairly easy to navigate, but others are not quite so clear and may require transferring to multiple pages in order to have your identifying information fully removed.
There are also choices for the opt out length. Experian, for example, offers either a five year period or a permanent one. They also warn that if you choose to opt out permanently, it make take “several months” before you see a noticeable reduction in the amount of online solicitations you receive, an indication of how complex and far-reaching the distribution of personal data can be.
In today’s uber-connected world, the individual choice to make online transactions or share personal details with friends via social media is like to a bargain with the devil. We are forced to surrender some aspects of privacy to participate in the digital revolution along with the rest of society.
Controlling the use of our personal data, and thus limiting the risk of identity theft, has become more difficult, if not impossible. Hopefully, data brokers and major social media websites will give users the tools to manage the wholesale exchange of personal information in ways that can truly protect privacy and provide peace of mind.