How to keep your data from brokers and marketers

We’ve seen a stream of revelations about data brokers in recent months, and though the stories vary, the takeaway is consistent: Our privacy has never been more vulnerable.

In May, Vice found that data brokers have been collecting and selling location information of people visiting abortion clinics. That same month, Human Rights Watch revealed that most edtech companies are collecting information on children. And earlier this year, comedian John Oliver famously showed how easy it is to target and compile embarrassing information on members of Congress.

Even a conservative estimate by Privacy Rights Clearinghouse puts the number of data brokers in the U.S. at over 500. And the information they collect is vast, although details about it are scarce. In a 2014 article in MediaPost, an executive at one of the largest data brokers, Acxiom, said that, “For every consumer we have more than 5,000 attributes of customer data.”

Experts say there is virtually no regulation of this data collection industry in the U.S. “Within the law, anyone could be doing pretty much anything with your data,” says Bennett Cyphers, a staff technologist at the Electronic Frontier Foundation. “And they don’t have to tell anyone about it.”

There are, however, ways to fight back against data tracking. The first step is knowing how—and where—you’re being tracked.

Public records

Data collection begins at birth. Your birth certificate provides the first personal information put out to the world. Over the years, local and state governments and the federal government publish records telling your life story: Census data, motor vehicle registration, property ownership, marriage licenses, voter registration, bankruptcy filings, divorce proceedings, professional licenses, court cases, criminal convictions, and at the end of your life, a death certificate.

These documents are the primary resource for so-called “people search” data brokers such as Intelius and Spokeo. (They also search online data, such as social media.) You can use those services to, say, reconnect with a long-lost friend, or to confirm a business associate’s legitimacy. But a corporate entity—or worse yet, a stalker—has access to those same tools.

The type of information that BeenVerified provides.

I decided to test these services, using one of my relatives as a guinea pig. Spending $26.89 on another people search site, BeenVerified, I found accurate information on their age, current and past addresses, property ownership, phone number, spouse (and three-dozen other family members), neighbors, and “associates”—all with links to their own profiles. (There were also criminal history and bankruptcy categories, but nothing juicy.)

People search services like Intelius display popup alerts warning users not to abuse the information.

What you can do

Fortunately, there are ways to purge yourself from these sites. About three years ago, I signed up for a service called DeleteMe, which, for $129 per year, sends regular data-removal requests to hundreds of brokers. While not legally bound to comply (except for California residents under a law called the California Consumer Privacy Act), it seems that most included data brokers do. “If there’s a motive for actually honoring the opt-out requests voluntarily, it’s out of concern to avoid potential regulation that would force them to do so,” says John Gilmore, head of research at DeleteMe parent company Abine. (Another company, Privacy Bee offers a similar service for $197 per year, but I haven’t tested it.)

DeleteMe regularly checks to see if you are listed on data broker sites, primarily people search services.

You can get the same results for free by contacting each major data broker (DeleteMe provides free tutorials), but it’s tedious. DeleteMe lists 587 brokers it tracks, and from which it requests data removals.

Purchase history

Beyond public records, peoplefinders.com also buys information that consumers have provided to companies—for instance, purchases recorded when you swipe your store loyalty/rewards cards.

This kind of information gathering extends beyond people search sites and is a staple technique in the vast realm of marketing and advertising data brokers. By knowing your purchases, they and the partners they sell data to can offer discounts or hype other products that their algorithms reckon you will like.

Keep in mind that pharmacies offer loyalty cards, allowing data brokers to track over-the-counter medical purchases such as vitamins and skin creams. Information about prescription drugs should be protected under privacy provisions of the HIPAA health law, says Emory Roane, policy counsel at the Privacy Rights Clearinghouse. However, “we’ve seen data brokers get access to that information from pharmacies before,” he says. Whether from prescription or OTC purchase, this information feeds a large subset of advertising data brokers that specialize in health information (both from purchase histories as well as internet browsing around medical conditions and medications).

With loyalty cards, you at least get something (lower prices) in exchange for your data. But often companies offer no such sweetener in return. According to direct marketing company Exact Data, its 2,000-plus sources include magazine subscriptions, purchase histories, memberships, and attendee registries. In addition to the monetary price of a product, service, or event, you may also pay a hidden surcharge with your personal information.

“There’s a lot of data brokering happening, not just with who we consider third-party data brokers . . . but also among the people and brands that we’re customers of,” says Rob Shavell, CEO and cofounder of DeleteMe’s parent company, Abine.

In order to see what data is collected, I started investigating my own life. I pay T-Mobile $85 per month for unlimited calling, texting, and cellular data. I also pay with “all personal data we collect and use when you access or use our cell and data services, websites, apps, and other services,” per the company’s privacy notice. They may use this data to (emphasis mine) “advertise and market products and services from T-Mobile and other companies.”

Synchrony Bank allows me to opt out of some data sharing.

Then I checked my paper mail and found a credit card offer from Synchrony Bank. The company’s 10-page service agreement informed me that Synchrony may use my personal data to market to me directly, together with other financial companies, through affiliated companies, and through nonaffiliated companies such as retailers and direct marketers.

It’s a generally accepted truism that, with free services like Facebook or Google, you pay in personal data. But even when you put up hard-earned cash (for purchases or interest charges), you’re also paying in data.

What you can do

For loyalty cards, consider whether the money you save is worth the privacy price. You may want to selectively use your cards: perhaps OK for buying a bag of chips, but not for purchasing hemorrhoid cream.

Many businesses now offer at least partial data-collection opt-outs, thanks to the California Consumer Privacy Act (CCPA). Though the law is only binding for California residents, many companies extend CCPA rights nationally. You often find a link to this opt-out at the bottom of websites under the phrase “Do Not Sell My Personal Information.”

The do not sell option on the bottom of T-Mobile’s home page.

T-Mobile, for instance, has a CCPA option, but it’s arduous, requiring you to provide a copy of a driver’s license or passport and a photograph. Synchrony Bank lets you limit affiliate and nonaffiliated marketing, but not other types of itself and other financial services.

Credit history data

I likely got that offer from Synchrony Bank (and many others) due to my good rating with credit reporting (aka consumer reporting) agencies such as Equifax, Experian, and TransUnion. They can help a bank assess someone for a loan or help a landlord decide if a tenant can pay the rent.

These companies also use their vast information stores (on $27 trillion, over 45 percent, of all U.S. consumer invested assets, says Equifax) to target customers for financial or other offerings. Equifax, for example, states plainly in their privacy statement: “We collect, use, and sell personal data as part of our consumer and commercial marketing services. This includes providing customers [meaning data brokers and marketers] with personal data of potential customers [meaning you] to inform their marketing efforts.”

What you can do

Like many other data collectors, credit-reporting agencies provide the CCPA opt out of data sales. You can also visit OptOutPrescreen.com to stop credit card and insurance offers.

Web-browsing data

As you’ve likely heard, small text files called cookies hang out in your browser and allow marketing companies to follow your web browsing. Cookies work in conjunction with tracking code, often in online ads. For instance, if a Google ad appears on multiple sites, the tracking code in each ad can check the Google cookie to record that the same person (technically, the same web browser) has visited each site.

To appreciate how pervasive this is, I installed the Electronic Frontier Foundation’s free Privacy Badger browser plugin. When I viewed the top 25 U.S. websites (per Similarweb) Privacy Badger found: 5 potential trackers on eBay, 7 on The Weather Channel, 10 on CNN and ESPN, 1

Created 3y | Jun 28, 2022, 4:20:53 AM