In the battle over consumer data privacy, Apple CEO Tim Cook has emerged as one of the strongest voices urging tech companies to do more to protect their customers. His latest salvo is an essay published in TIME magazine, in which he takes aim at the data broker industry. Customers, he says, should have a way to learn about the data that has been collected about them by data brokers and then delete it once and for all. The best solution, he suggests, would be a data broker clearinghouse created by the Federal Trade Commission (FTC).
Data brokers and their sprawling data ecosystem
According to Cook and many other privacy experts, one of the biggest problems in the tech industry is that many customers do not even know how much data is being collected about them. And, even worse, they have absolutely no idea how extensive the data broker ecosystem in the United States has become. Customers might assume that the likes of Facebook and Google are collecting, analyzing and perhaps even selling data about them, but they have no idea about what all the third-party data brokers are doing with this data. Data is constantly being packaged, re-packaged, sold, and re-sold to the highest bidder, and that has to stop, says Cook.
The concept of the data broker clearinghouse
The creation of a data broker clearinghouse would help to restore digital privacy. And it would also help to shine a brighter light on the dark corners of the data broker ecosystem. Who are these companies, and why are they trading your data to other companies? Most data brokers have no direct relationship with customers, and furthermore, have no incentive whatsoever to initiate contact with these customers. In some cases, data broker companies act as unofficial credit reporting agencies, offering detailed data about users upon request. A data broker collects information for the simple purpose of repackaging it and selling it later.
As Cook sees it, all data brokers in the United States would need to join this clearinghouse if they want to continue to do business. Moreover, they would need to provide transparency information to this data broker clearinghouse. In addition to providing a list of all data that they have on customers, they would be asked to provide specific information about any recent security breaches, as well as a list of all transactions involving this data. And here’s the really big idea – customers would also be able to delete any of this data, thereby removing this data from the vast data broker ecosystem forever.
This “delete forever” clause is especially important, because it would prevent an information broker from classifying, ranking and scoring consumers in ways they do not want. Right now, data brokers collect personal information about consumers from a wide range of sources, including online purchase histories, credit card usage, public records (such as motor vehicle records), and social media. Sometimes, this consumer data is used for marketing purposes; other times, it is used for risk mitigation purposes (such as lenders trying to verify the identify of a bank customer). However, far too often, data points that might include email addresses, online social media behavior and public records are assembled into sophisticated profiles that can be sold to insurance companies, lenders or employers for a wide range of other purposes.