The letter also pointed to databases maintained by British multinational RELX and Canadian conglomerate Thomson Reuters, which, according to CUNY law professor Sarah Ramdan, Data Cartels: Companies that Control and Monopolize Our Informationcontaining files on about two-thirds of the U.S. population, tracing their whereabouts and mapping social and family relationships.
In 2020 alone, data brokers pulled out some $29 million, while racing to undermine legislation to control their industry, according to lobbying disclosures uncovered by The Markup.
While many of the major data collectors admit to falling under the FCRA’s jurisdiction, others have relied on what lawyers petitioning Chopra believe to be erroneous legal analyzes to evade regulatory scrutiny. Other companies keep their products separate from the surveillance data they collect to avoid complying with what the credit reporting industry calls “header information,” which often includes people’s names, dates of birth and Social Security numbers, as well as phone and residential histories. This is true even if the data comes from sources expressly bound by law.
“Data brokers package and sell the same personal data points about us into different products, then claim that some products fall outside the scope of key legal protections,” said Laura Rivera, an attorney at Just Futures Law. “It’s dishonest, exploitative, and it does real harm to consumers of all backgrounds, especially low-income communities of color, including immigrants.”
“In advocating for coverage of data brokers, we are simply asking the CFPB to restore the scope of the bill that Congress originally intended,” added Chi Chi Wu, staff attorney at the National Consumer Law Center, who identified a series of limitations that court rulings over the years have watered down. FCRA.
Historically disadvantaged communities bear the brunt of the harm, Wu said, referring to information on some of the poorest neighborhoods in the U.S. being sold to predatory “payday” lenders. In fact, data brokers make handsome profits from businesses whose entire purpose is to identify consumers facing financial instability. A 2013 U.S. Senate report, for example, noted that these purchases were often made by companies that “sold high-cost loans and other financially risky products”—unscrupulous businesses extracting livelihoods from economically disadvantaged groups, including widows.
For years, companies have drawn the ire of consumer advocates and Capitol Hill privacy hawks for their careless handling of personal data, leaving consumers with little benefit. In 2021, a number of utilities that have long stolen sensitive data from cable, phone and energy customers for personal gain agreed to end the practice of selling it to Thomas Reuters, which in turn provided it to government agencies and the police, including U.S. Immigration and Customs Enforcement.
Senator Ron Wyden, D-Oregon, said: “Selling the personal information that people provide to register for electricity, water and other necessities of life and giving them no choice in the matter is a shame. A serious invasion of consumer privacy,” critics of government surveillance, said in a letter to Chopra at the time.
The Defense Intelligence Agency, the Defense Counterintelligence and Security Agency, and Customs and Border Protection (CBP) are among the many federal agencies known to buy Americans’ private data, including data that law enforcement often requires a legitimate reason to obtain. The U.S. Supreme Court ruled in 2018 that police and intelligence agencies do not have the authority to compel companies to hand over location data obtained from cellphones and other devices without legal authority.
The decision did little to stop the government from avoiding the courts. The Justice Department, the Office of the Director of National Intelligence, the Pentagon and hundreds, if not thousands, of state and local police agencies have interpreted the ruling as placing no restrictions on their ability to purchase location data.
