25 May 2020

Data Broking Compromises Online Privacy

Data broking is a big business in today’s online digitally-driven world. As the world continues to embrace technology to improve efficiency, access knowledge, drive communication, and enhance collaboration, the production of vast quantities of data is either a direct or indirect collateral effect of any digital interaction. In 2017, the Economist stated that data is more valuable than oil. Although it may seem unusual to put a price tag on an intangible asset created by simple online interactions, the fact is information is the cornerstone of the modern economy. Today, the most valuable companies in the world are tech giants such as Amazon, Apple, and Microsoft, replacing the energy giants that ruled the world’s stock exchanges at the turn of the century.

As the value of data continues to increase exponentially, it continues to fuel a substantial secondary industry built on the industrialized collection, organization, and sale of personal information. The media has vilified the Dark Web as a criminal underground where information such as names, addresses, financial records, and credit card numbers are for sale to the highest bidder. However, the quantity of data accessed, processed, and sold legally by data broking organizations far outweighs anything found on any Darknet sites. Analyzing personal information and online habits they lawfully and continuously gather, data brokers then sell this information to interested parties. The only difference between the criminal underground and data brokers is that the latter have access to far more data sources and have the legal means to continue collecting and selling your personal information.

What is Data Broking?

Data broking is first and foremost a business. These information brokers typically aggregate information from a variety of public and private sources. After collecting the personal data, they then process it by enriching it through correlation, cleanse it with deduplication, confirm it by way of verification, and then analyze it to build individual profiles. They then sell or license this asset to governments, advertisers, or any other party that has a vested interest in targeting or tracking people, their habits, and their online activities. Although some may argue that data brokers provide a valuable service, others say that this industry is the largest threat to online privacy.

How Large is the Data Broking Industry?

The data broking industry is estimated to be worth over $200 Billion. With over 4,000 separate operating companies, the business of collecting, analyzing, and selling personal data is both profitable and sustainable. The size of some of these enterprises is also worth noting. One of the larger data broking companies collects over 3,000 data points per person, has information of over 500,000 global consumers, and accomplishes this by managing and maintaining an IT real estate of over 23,000 servers. With an average consumer’s personal information such as their verified email address fetching anything from $80 and up, the data broking industry is flourishing and not going anywhere unless privacy laws and individual interventions put them out of business.

Data Broking and Online Privacy

At the heart of the data broking and online privacy controversy, is the topic of informed consent. A data broker is effectively an intermediary that facilitates the sale of personal information after collecting, analyzing, and categorizing it. They do not have a direct relationship with the individual whose private data they sell. The relationship, if one exists, is between the individual and the online site or service. In addition to not having a direct association with the data brokerage, people have also not given explicit consent. However, it is the way some organizations use the data to categorize individuals that raises concerns for online privacy.

Personal information, like any other tool, can be manipulated to further actions that are both intrusive and harmful. For example, let us say you searched for the term parachute jumping as part of your child’s school project. A data broker harvests this data, adds it to your online profile, and then sells it to an insurance company. When you apply for life insurance, the organization rates you unfairly as a high-risk individual due to your online data search profile. Although this example may seem extreme, it illustrates the point that information gathered online could unjustifiably prejudice you in some form or another.

What About GDPR, CCPA, and other Privacy Protection Laws?

Governments realizing the critical role information plays in the digital age have started enacting legislation to protect the personal information of their citizens. Two examples are the European Union’s General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA). These pieces of legislation aim to control the monetization and indiscriminate use of personal information.  However, these regulations take the protection of personal information one step further by forcing organizations that do the actual collection of the data to comply. 

By forcing enterprises to put systems and measures in place that allow consumers to know what personal information they collect, they give users some control over their private data. For example, individuals can access the personal information collected and even ask for its deletion. The CCPA also forces organizations to inform consumers whether they are sharing their personal information with any external parties, and both the GDPR and CCPA have regulations on whether users can either opt-in or opt-out of data sharing schemes.

Taking Control of Your Online Privacy

While the GDPR and CCPA go a long way in protecting your online privacy, there are some measures, and precautions individuals can take to ensure organizations do not harvest their online interactions. 

Do Not Login to Your Browser

Almost every site you visit tracks your online activity. Most browsers give you the option to sign in to an account so that you can sync bookmarks and other settings to various devices. However, if you leverage this functionality, they can associate your tracking ID, a numerical identifier companies use to monitor your online activity, with your profile. Even though it is convenient to use these synchronization features, data brokers can use it to track and collate information on your online persona.

Use Cookie Blocking Extensions

Due to the stateless nature of the HTTP protocol, websites use cookies to track your interactions and your session state. Without cookies, they would not be able to ascertain your login status and what items are in your shopping cart. However, some sites have embedded third-party cookies that relay information to external parties. Several browser extensions can limit your exposure to this invasion of privacy. The good news is that Google has announced that its Chrome browser will phase out support for these types of cookies soon.

Use a VPN

In addition to using extensions and not logging into your browser when you access online sites and services, there are other measures you can take to limit the amount of personal tracking data you leave on the Internet. Subscribing to a Virtual Private Network (VPN) service ensures that any traffic traveling from your browser to the Internet is secure and encrypted. This additional measure will not stop the tracking activities discussed earlier. It will, however, keep your data hidden from your Internet Service Provider (ISP) or the Wi-Fi administrator at your local coffee shop.

Remain Vigilant as Your Data Is Worth More Than You Realize

Every time we access a website, we leave a digital fingerprint. Data brokers harvest these online interactions, analyze them, and then sell our browsing profiles and personal preferences to external parties without our knowledge, and in many cases, without our consent. Although legislation such as the GDPR and the CCPA have started making inroads into protecting personal information, there are some additional measures we can take to increase our online privacy. Not signing into your browser, installing extensions that limit trackers, and leveraging a VPN are a few of the steps we can take to keep our digital interactions private and secure.