Forget Super Tuesday - for us, the biggest political news of the last week was an executive order most people missed. President Biden announced a new order to protect Americans’ sensitive data from being sold to overseas adversaries by data brokers. As privacy enthusiasts, we love to see data protections take center stage, but experts are debating whether the order will make a meaningful impact. So this week we’re diving into data brokers, why they’re a problem, and asking what individuals, businesses, and governments can do to help stop the unwanted sale of private data. 

Data Brokers Are Bigger (and More Powerful) Than You Think

Big data is big business, and billions have been made from selling your information. The market size is estimated to be over $200 billion per year. When we talk about “Big Tech” we often just focus on the major platforms collecting data, but data brokers play an equally important role in bundling and facilitating the large-scale sale of information. 

Public backlash against data brokers has steadily grown, but after years of inaction, the industry continues to thrive. Now, politicians are starting to push back, but privacy advocates question what will truly make a difference in a world where everyone’s information is already available for sale. 

The Government Uses Data Brokers While the Look to Restrict Them

The most effective method for protecting American data would be a comprehensive federal data privacy law that applies to all Americans, similar to Europe’s General Data Protection Regulation (GDPR). However, due to Washington’s dysfunction and data brokers spending millions lobbying against rules, nothing has passed. Instead, we have a patchwork system of data rights where your level of privacy protections depends on which state you live in. 

Certain states, like California, have led the charge on data protections. The California Consumer Privacy Act (CCPA) passed in 2018, and now more than a dozen other states have similar privacy laws in place. The state also has been willing to crack down on data brokers, including last year’s DELETE Act, which creates additional protections and makes it easy for state residents to have their information removed from all major data brokers. 

At the federal level there’s widespread agreement that data brokers are harmful. Congress is conducting bipartisan investigations, the Biden White House hosted a roundtable on data brokers last year, and major enforcement agencies have cracked down on companies that abuse data. Then, last week, President Biden issued his Executive Order. 

The new order focuses on a very real problem. Data brokers make it easy for anyone, including foreign adversaries, to acquire sensitive information such as mental health data and personal information on military personnel. Biden’s order is not the same as formal rules, it is an intent to make rules, so it is hard to assess its impact as the regulatory details will not be finalized for months. However, even if the order succeeds and completely eliminates data going overseas, it will not change the fact that the government will continue to rely on, fund, and use data brokers’ services. 

Data brokers do not just sell to companies, they sell to governments, and America is a major customer. More than 30 government agencies spend millions buying data from brokers (including ICE, which uses the data to conduct deportations), they also use data brokers to assist in building government services. For example, the data broker LexisNexis has contracts to verify identities for Login.gov, the federal government’s secure sign-on service, along with a $1.2 billion contract to detect fraud in state workforce agencies. 

So long as the U.S. government continues to fund data brokers with taxpayer dollars and rely on them to supply critical government services, it is hard to imagine a robust set of rules protecting the sale and acquisition of Americans’ data. 

What Can People Do?

As an individual, engage with organizations supporting privacy protections, let politicians and companies know you care about privacy. 

As a company, work to protect consumer data in a way that is both ethical and profitable. 

Lastly, as a policymaker, we hope to see more consumer protections, laws, and enforcement actions that promote data dignity. 

Tell us your thoughts! What do you think of the Executive Order? What rules related to data brokers would you like to see in the near future?

What We’re Reading On Ethical (and Non-Ethical) Tech This Week:

•  Big Tech goes from ‘teenager’ to ‘grown-up’ under landmark EU law. Here’s what you need to know - CNBC

• Everybody wants to audit AI, but nobody knows how - Axios

• IBM says use of Adobe AI tools in marketing boosted productivity - Reuters

• Exclusive: Public trust in AI is sinking across the board - Axios

• Ex-Google Engineer Charged With Stealing A.I. Secrets for Chinese Firm - The New York Times