State AGs Go After Data Brokers

In comments to the Federal Trade Commission in June 2019, the state attorneys general for 40 states recommended the creation of an online registry for all data brokers in the country. Several states already have laws on the books addressing the activities of third party businesses that buy information about individuals and sell it. In Vermont, a state law passed in 2018 required all businesses that trade data on residents to register and share information about their operations. In California, a law that takes effect on Jan. 1 2020 allows residents to opt out of having their data sold. Maine passed a law this month barring Internet service providers from selling broadband customers’ information. New York, Maryland and Massachusetts are considering measures that give residents more control over their data. All these laws take direct aim at the data brokers stock in trade, information held by someone who didn’t obtain it directly from the user that can be mined from public records, such as DMVs, property records and voter rolls, as well as private databases concerning magazine subscriptions and shopping records. Data industry executives claim third-party data is vital to the businesses they serve, which include banks and law enforcement agencies, as well as advertisers that pitch potential customers based on third-party data about their behaviors and interests. Privacy advocates argue that the spread of data increases the risk of it being misused. For example, there are websites that provide easy access to people’s home addresses to anyone, including stalkers and abusers who are trying to locate their victims.