This past week, the FTC issued orders requiring nine data brokerage companies to answer a host of questions about how they collect and use consumer data. Generally speaking, data brokers collect personal information about consumers from a variety of public and non-public sources, both online and offline, and resell the information to other companies for marketing and investigative purposes. However, consumers are often unaware of the existence of data brokers and how they collect and use data.
This study echoes certain statements in the agency's final privacy report issued earlier this year, "Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers" (see our prior post). That report called upon the industry to improve the transparency of its data collection practices and urged Congress to enact targeted legislation to do this. The FTC will use the responses it receives to prepare a study and to make recommendations on how privacy practices could be improved within the industry.
Among other things, the FTC orders requested information about:
- The nature and sources of the consumer information the data brokers collect, as well as a description of the nature of all products and services offered by data brokers
- The means by which each type of personal data is collected, including browser cookies, online and social media activities, user textual input, users' mobile activity. The order also asks whether each type of personal data collected is aggregated, anonymized, or de-identified.
- The methods by which brokers provide notice to consumers about their personal data collection and sharing practices, including any written policies or statements relating to the privacy or security of such data
- Whether a data broker acquires the consent, permission, or approval of consumers before collecting and storing consumer data.
- The extent data brokers allow consumers to access and correct their information or to opt out of having their personal information collected or sold.