Export Compliance Daily is a Warren News publication.
‘One-Stop Shop’

House Commerce Panel Probes for Data Broker Solutions

Consumers should have a “one-stop shop” where they can ask data brokers to delete their information, House Commerce Committee ranking member Frank Pallone, D-N.J., said during a House Oversight Subcommittee hearing Wednesday (see 2304130057).

Sign up for a free preview to unlock the rest of this article

Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.

He noted the American Data Privacy and Protection Act (ADPPA), which the committee passed 53-2 in 2022, includes such a provision. The bill would require data brokers to register with the FTC and allow consumers to opt out of data collection by all registered brokers (see 2303010063). House Commerce Committee Chairwoman Cathy McMorris Rodgers, R-Wash., said legislators are continuing to build on the ADPPA with the goal of getting a bill signed into law this year. The data broker market is estimated at more than $250 billion annually.

One major issue is that consumers are often unaware of the existence of data brokers and how these third parties access, collect and sell their information, said Justin Sherman, a senior fellow at Duke University’s Sanford School of Public Policy. He and his colleagues have bought datasets from brokers for research purposes. He said they bought datasets on military service members for as little as 12.5 cents per service member. The price can increase to about 40 cents per person depending on the group and how narrow the criteria, he said.

Data brokers rarely interact directly with consumers, but they’re constantly collecting the data and building consumer profiles, said House Oversight Subcommittee ranking member Kathy Castor, D-Fla. Consumers should be able to decide what data is shared with what companies, she said. She said no law bans the sale of data to “malign foreign actors” and protections for children are limited under the Children’s Online Privacy Protection Act, which gives the FTC authority to go after those abusing data of users under the age of 13. Due to the age limit, the market for building profiles on kids ages 14-17 is massive, said Sherman. Targeted advertising drives the market, he said.

COPPA includes requirements for companies not to collect information on children that’s beyond what’s necessary to provide a service, but those requirements are loosely followed, said Georgetown University Associate Law Professor Laura Moy. Another issue is that data on children lives forever, she said: Even if years later a person deleted his or her data, it could still exist if a data broker has scraped the profile.

Mozilla builds privacy protections into its browser because there are fundamental standards for protecting consumer information, testified Mozilla Corporation Chief Security Officer Marshall Erwin. He credited Apple for having privacy protections that are on the same level as Mozilla but noted Apple makes up about half the market for browser and mobile operating system services. The rest of the market is not on the same level, he said. Targeted advertising is far more sophisticated now than it was at the inception of the internet, said Erwin: Today’s data-rich profiles open the door to abuse because the more a company knows about someone, the more it can manipulate.