From smart devices to store loyalty programs, nearly every transaction we complete and interaction we have can be tracked. To make things more complex, it’s not just the companies and organizations we interact with that track our data. Large brokers that collect and re-sell information stay busy gathering data on more than 500 million consumers around the globe.

How and Why Consumer Data is Sold

WebFX reports that there are 4,000 different data brokers worldwide. These brokers get personal information from loyalty programs, as well as databases containing paystub details and political campaign donations. Other information like location data from your smart devices, web browsing history, public records, social media usage, credit cards, and driver’s license can also be gathered and sold by brokers.

Although other types of personal, transactional, and usage data can be acquired and sold, the financial value of consumer data is the main reason why it’s gathered and sold. According to Wired, companies in the U.S. spent approximately $19 billion in 2018 on consumer data. Organizations often use this information to make improvements to customer experiences and products, and personalize services, as explained by The Wharton School at the University of Pennsylvania.

Understandably, not everyone is comfortable with their information being exchanged with unfamiliar companies without their knowledge. Privacy groups have proposed a new standard for web browsers, known as Global Privacy Control, that would let individuals opt out of having their information shared with third-party brokers. However, the standard has yet to be implemented by the top browsers and does not currently carry any legal weight.

From a legal perspective, you may be wondering if there’s any protection or something you can do to keep as much of your data private as possible. Let’s look at some of the U.S. privacy laws that impact what businesses can collect and share.

Privacy Protection Laws

While many companies distribute or post information about privacy policies, the Wharton School says that as many as 73 percent of us misunderstand these policies. Even without your prior knowledge or permission, your data can still be shared. Often, privacy policies simply spell out what can and will be done with your information.

Although the U.S. has some federal laws for protecting consumer information and a few states have passed stricter or additional legislation, Wired reports data brokers mostly have free reign. For instance, credit, employment, and insurance data must be collected according to the stipulations of the Fair Credit Reporting Act. The FTC outlines some of those requirements, including:

• Companies must investigate information you dispute.
• You have to receive notifications about detrimental actions taken as a result of the information, such as being denied a mortgage or car loan.
• A company or individual that requests your information needs to have a reason outlined in the law.

The federal government also enacted what’s known as the Privacy Act of 1974, which says that federal agencies must give public notice of whether those agencies collect and store data, according to the Department of Justice. Privacy laws specific to the states of Colorado and Nebraska are highlighted below.

Colorado

Colorado’s Attorney General’s site has a list of three main parts to state privacy and data security legislation. Most of it applies to organizations that collect and store personal or sensitive information, but it can also impact individuals or sole proprietors that do the same.

• Those that store sensitive data must have written policies about how that data is eventually discarded.
• Measures must be put into place to reasonably protect the data from being viewed or accessed by unwanted or unauthorized individuals.
• When data breaches occur, people who are impacted and the Attorney General must be notified.
• Colorado law defines personal, sensitive information as items like driver’s license and social security numbers when combined with full names. The full list of personal identifying information can be viewed on the Attorney General’s site.

Nebraska

According to OneTrust DataGuidance, Nebraska’s state constitution provides the right to protection, but there are not any common privacy laws. However, Nebraska has civil rights statutes that cover individual privacy. These statutes cover a variety of data types, including personal identifying information, medical records, data breaches, and financial transactions. Much of it is similar to federal and other states’ legislation, including HIPAA.

In 2020, the Nebraska Consumer Privacy Act was proposed as a means of strengthening the state’s privacy laws. The Act is meant to cover Nebraskans acting as individuals or in individual capacities and shares many similarities to California’s Consumer Privacy Act. Various rights regarding personal information are included, such as the right to know, the right to access, the right to opt-out, and the right to deletion.

Essentially, as explained by Husch Blackwell, consumers would have the right to know what information is being collected and how, the right to see what information has been collected, the right to not have information collected from sale transactions, and the right to have personal information removed.

Consumer Data Privacy and Cellular Carriers

At the end of February last year, the FCC announced it would be imposing a $200 million fine on AT&T, T-Mobile, Verizon, and the former Sprint for selling customer real-time location data. This kind of data lets others know where a device (and theoretically the person who uses it) is geographically at each moment.

Data captured by mobile devices has turned into a billion-dollar market, according to Medium. SAP, a computing company, produces consumer insight reports based on up to 300 events from 20 to 25 million subscribers’ cell phones every day.

Some of the data include the ages and genders of those who visit certain retail stores during specific time frames, in addition to what they do on their phones such as looking up competitors’ prices. Consumer behavioral data like this can be used by either telecom companies or third parties like brokers to increase customer satisfaction, improve networks and infrastructure, and reduce subscriber loss or churn, as outlined by Medium. Data brokers mostly benefit by being able to increase and diversify revenue.

An article from LightReading details some of the more recent developments in the selling of mobile subscribers’ data. From automatic enrollment in a program that sells browsing and app activities to advertisers and experimental services allowing carriers to ethically profit from user data, the practice of selling personal information remains controversial.

Concerns over potential identity theft, misuse, and overreach are some of the main reasons. Additionally, targeted ads that reflect our web and app activities on different devices can feel intrusive.

Yet, the heart of the controversy rests with most of us simply being unaware of what’s being collected, how it’s being done, and who can gain knowledge about us. It is also difficult to determine what data we can keep private, how to do it, and whether opt-out options are effective.

Companies and cellular carriers that do not sell customer data by default, like Viaero Wireless, are becoming rarer. Without laws that address the unethical or questionable aspects of how and when consumer data is used, what feels like violations of our privacy will likely continue.

While data has the power to enhance and improve customers’ experiences, it can also present threats to our anonymity and security. The determination of ethical and sound practices concerning consumer data may be open to some interpretation. However, it’s not unreasonable to assume that organizations’ interpretations should rest with the ways customers feel about what others can find out about them.

Viaero Wireless keeps you connected without selling your data. Check out our high-speed internet and unlimited cellular plans.

What are your thoughts about consumer data privacy? Share your thoughts below!