The letter also points to databases maintained by British multinational RELX and Canadian conglomerate Thomson Reuters, which CUNY law professor Sarah Lamdan, author of the book, said Data cartels: companies that control and monopolize our informationcontain dossiers on approximately two-thirds of the US population, tracking their whereabouts and displaying social and family relationships.
In 2020 alone, data brokers extracted about $29 million in an attempt to undermine legislative efforts to rein in their industry, according to lobbying revelations uncovered. markup.
While many large data collectors admit they fall under the jurisdiction of the FCRA, others avoid regulatory scrutiny by relying on what the lawyers who filed the Chopra petition consider flawed legal analysis. Other firms share their products and the surveillance data they collect to exempt what the credit reporting industry calls “headline information” traditionally made up of people’s names, dates of birth, and social security numbers, in addition to phone and residential histories. . And this despite the fact that these data are obtained from sources that are clearly subject to the law.
“Data brokers package the same personal data about us into different products for sale and then claim that some products are out of reach of key legal protections,” says Laura Rivera, lawyer at Just Futures Law. “This is unfair, exploitative, and causes real harm to consumers of all backgrounds, but especially low-income communities of color, including immigrants.”
“By advocating data broker cover-ups, we are simply asking the CFPB to restore the scope of the Act as originally envisioned by Congress,” adds Chi Chi Wu, a staff attorney at the National Consumer Advocacy Center who has identified a number of restrictive court rulings over the years with the FCRA watering down.
Historically disadvantaged communities face major damage, Wu says, pointing to the sale of information about some of America’s poorest communities to predatory payday lenders. In fact, data brokers make significant profits from businesses whose main goal is to identify consumers facing financial instability. 2013 US Senate Report noted, for example, that these purchases were often made by companies that “sell expensive loans and other financially risky products”—unscrupulous businesses that make bread and butter from the economically disadvantaged, including widows.
Companies playing fast and loose with personal data have drawn the ire of consumer advocates and Capitol Hill privacy hawks for years, resulting in meager consumer benefits. In 2021, a host of utility companies that have long been stealing sensitive data from cable, phone, and energy customers for their own gain have agreed to finish practice sell it to Thomas Reuters, which in turn provided it to government agencies and the police, including US Immigration and Customs Enforcement.
“Selling personal information that people provide to subscribe to electricity, water, and other essentials and depriving them of a choice in this matter is a flagrant violation of consumer privacy,” Sen. Ron Wyden, Oregon Democrat and leading critic of government oversight , says a letter to Chopra at the time.
The U.S. Department of Defense Intelligence Agency, the U.S. Department of Defense Office of Counterintelligence and Security, and the Customs and Border Protection (CBP) are among a wide range of federal agencies known to buy Americans’ personal data, including those that are commonly required by law enforcement. . probable cause To obtain. In 2018, the U.S. Supreme Court ruled that police and intelligence agencies cannot force businesses to share location data from mobile phones and other devices without a legal warrant.
This decision did little to stop the government from bypassing the courts. The Justice Department, the Office of the Director of National Intelligence, the Pentagon, and hundreds, if not thousands, of state and local police agencies have interpreted the ruling as placing no limits on their ability to simply buy location data.