Data Privacy Bill Aims to Regulate Data Brokers
A new bipartisan data privacy bill, the American Privacy Rights Act (APRA), has been unveiled by House and Senate leaders, aiming to impose restrictions on large data brokers. These firms collect and combine vast amounts of personal data, selling it to advertisers, governments, and other interested parties.
The bill, developed by House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-Wash.) and Senate Commerce, Science and Transportation Committee Chair Maria Cantwell (D-Wash.), seeks to establish a national data privacy and security standard. It would subject companies to a comprehensive set of new requirements, limiting and regulating how they use, store, protect, and share the personal data they collect directly from customers and through other means.
Urgent Threat to Privacy
Researchers and experts warn that the unregulated collection and sale of Americans’ personal information by data brokers poses a serious threat to privacy. While APRA takes some steps to address this issue, many experts believe more aggressive measures are needed to effectively regulate the industry.
Key Provisions of APRA
1. Defining and Tracking Data Brokers:
– The bill defines the data broker industry in federal law.
– It proposes measures to identify and track the biggest players in the market.
2. Restrictions on Data Brokers:
– Brokers would be prohibited from advertising or marketing data for stalking, harassment, identity theft, fraud, or unfair business practices.
– The Federal Trade Commission (FTC) would create a national registry to track data brokers handling data linked to more than 5,000 individuals.
– Individuals could submit “Do Not Collect” requests to registered brokers.
3. Transparency Requirements:
– Brokers must provide clear notices on their websites identifying their business model and offering opt-out links.
– Companies selling or transferring customer data to larger brokers must disclose specific details about the data transfer.
A Vast and Growing Industry
The global data broker industry was valued at over $240 billion in 2021 and is expected to reach $462-471 billion by 2031-2032. North America holds the largest market share. Currently, there are few meaningful restrictions on how data brokers operate, making the market “virtually unregulated,” according to Justin Sherman, a senior fellow at Duke University.
Mixed Reactions and Lobbying Efforts
While APRA brings more scrutiny to the industry, some experts argue that the lack of stronger measures to regulate and restrict the sale of personal data is a victory for data brokers. Transparency and self-regulation are seen as lobbying strategies to keep the burden on consumers.
The data broker industry has already unleashed significant lobbying efforts in response to tentative regulation attempts. Companies like RELX, Experian, and Equifax have spent millions lobbying Congress on privacy bills.
Potential Improvements and Limitations
Experts suggest that a stronger bill would empower consumers to opt out of data collection and have previously collected data deleted. It would also provide greater resources to privacy regulators and allow citizens to sue bad actors through a private right of action.
The bill’s data-minimization provisions may help reduce the flow of customer data sold to data brokers. However, the opt-out features would need to be accompanied by awareness-raising efforts to be effective.
Addressing Government Use of Data
APRA largely avoids addressing how federal agencies can use data purchased from brokers. Other proposals, like Sen. Ron Wyden’s Fourth Amendment Is Not For Sale Act, would restrict law enforcement and intelligence agencies from purchasing personal information without a court order.
In the absence of congressional action, national security officials are developing their policies and guidelines to govern the use of commercially acquired data.