In the 2022 China Consumer Rights Gala (3.15 Gala), “privacy” became the crucial theme again. Whether the cases of free Wi-Fi stealing users’ information or children’s smartwatches allowed to be remotely controlled by the third party, revealing that Internet technology is blurring the boundaries of privacy. As Flew (2021) maintains, the lack of privacy protection is one of the most annoying issues in the digital age.
When discussing privacy issues and data usage, the articles mainly focus on how the Internet giants deal with these problems. However, the agencies that collect personal data and sell them to the companies for business purposes do not draw much attention. And the business is called data brokers.
Who they are? How do they work? Does it be well regulated? The blog takes data brokers as the case to discuss the issue of information disclosure in the digital era and provides some suggestions on governance.
Data broker
A data broker is defined as a company that collects information from various sources including personal information and sells them to a third party for profit (Federal Trade Commission, 2012).
It can catch information from the track on the Internet and organise it to help its customers to better make the decisions. According to Los Angel Times, Lazarus (2019) mentions data broker industry generates a profit of over 200 billion dollars each year and it is still growing.
Type of collected data
The collected data may include “age, race, sex, weight, height, marital status, education level, politics, buying habits, household health worries, vacation dreams” (Singer, 2012). Furthermore, Roderick (2014) points out that except the basic information, consumption habits, social activities, Internet using preference and other psychological and demographic data are collected as well.
Rather than selling these original data, data brokers can further organise and analyse the data. It contributes to shaping user portraits to assist their customers to augment the connection with their prospects and understanding of the consumers, which enables them to add brand value and enhance the market competitiveness.
The ways of collecting data
Data brokers are able to collect data from both online and offline resources. From given permissions of your mobile Apps, automated scraping bots that can catch public profile information, buying credit card transaction information and browser cookies that can track your all activities on the Web, data brokers can collect most of your personal, demographical and psychological information. In addition, public records such as property records, marriage licenses and divorce records are the offline channels.
Privacy issues and data broker
According to Federal Trade Commission (2012), data brokers mainly work for “verifying an individual’s identity, differentiating records, marketing products, and preventing financial fraud”. It seems like these activities will not impact us negatively. However, information disclosure and data misusing are usual in the industry. In 2013, the most severe scandal happened in the industry.
It is reported that a data broker sold MEDbase 200’s lists of rape victims, alcoholics, the elderly suffering from dementia disease, HIV suffers and even erectile dysfunction sufferers. Moreover, the home address of police officers and the email address of domestic violence also become the “commodities” waiting to be sold out.
You may not imagine that the extremely private information was only sold for $79 per 1000 names, which means each piece of detailed personal information is worth less than 8 cents. Although these lists were removed finally, there were still some companies providing similar products.
The right to privacy has been put forward in 1890 (Bycer, n.d.). It empowers people to have the right to be left alone and control personal information and decide how it can be used (Rengel, 2013, as cited in Flew, 2021). In addition, respecting others, protecting individuality and no change due to personal health or disability are the key points of the right to privacy as well (ibid).
However, the case of information disclosure shows that data brokers did not follow any of the above requirements of privacy. They are unethical and even have no bottom line. The selling of information about patients or victims could cause secondary damage to these people. Additionally, the exposure of information of police officers may pose a threat to their lives and property and their families.
Similarly, besides these “special” person, the exposure of the personal information of everyman also lead to annoying and harmful results. For example, telephone harassment is not uncommon. I once got a phone call from someone who said my name and even my ID number. At that moment, I only felt so scared. In addition, fraud cases caused by information disclosure often occur as well. In China, Internet users lost 91.5 billion yuan due to information disclosure in 2016 (Chang, 2016).
It is not said that all cases of information disclosure result from data brokers. However, as professional organisations which catch, save and utilise hundreds and thousands of data for profits, it is impossible to completely avoid or solve the problem of personal privacy leakage.
Back to the ways the data brokers catching personal data, there are still issues about privacy. Usually, data brokers collect data from the Internet. It is because life is being digital, established on big data. Smartphone, various Apps, online bank and intelligent housing system, these devices and systems we use fill our daily lives and record everything we do.
When they provide us with convenience, they also charge a “fee” – personal data – our privacy. As Flew (2021) said, personal information has become the “admission ticket” to obtaining online services.
However, although we regard the behaviours of data brokers as an invasion of privacy, the ways they collect data following the laws and how they run companies are legal. It is because they informed us with the terms of services and we all agree with that.
Mostly, we do not read the Terms of Service and click “Agree” or “Accept all cookies” directly. Although it results from the long terms and is written with professional and unreadable words (Suzor, 2019), we have to bear the consequences of clicking “agree”.
Nonetheless, some Apps even do not give a chance to refuse (ibid). For instance, some Chinese software can only be used if you click “Agree”. In this situation, we are forced to trade private information for access to the software.
Moreover, the case reflects a concept– privacy paradox. People are concerned about privacy issues and are against the disclosure of information, but this attitude does not affect their behaviours leading to privacy disclosure. Therefore, the attitude and behaviour are reversed. It is people’s behaviours that encourage data disclosure.
However, they have no choice because it is difficult to give up the convenience brought by technologies in the digital era. Hence, finding out a balance point between convenience and privacy is significant.
Measures for solving information disclosure issue
After the exposure of the case of MEDbase 200, Pam Dixon, World Privacy Forum executive director, highlighted that it is essential to enhance government regulations in the industry of data brokerage (Hicken, 2013). Similarly, Federal Trade Commission called for main data brokers to take responsibility to increase the transparency of the data practices (ibid).
Moreover, as digital platforms are becoming more vital in society and the unknown algorithms lead to a crisis of confidence in data management, there are growing calls for tighter regulation on the Internet (Flew, 2018).
European Union (EU) enact laws to deal with information disclosure, General Data Protection Regulation (GDPR), which is tough and detailed. It involves all organisations that collect data in the EU, empowering consumers with the right to consent to the organization collecting data and requiring the organization to delete data related to them. The strict law can protect the privacy of Internet users from being leaked by data brokers to a large extent.
Similarly, in 2019, the California government promulgated a bill, AB 1202, requiring data brokers to register every year with their name, email address, details of data gathering practice and other information (Lazarus, 2019).
However, these laws or policies only focus on the regions. There is no global consensus to deal with the issues of data disclosure. In other words, the governance of privacy protection still needs to be strengthened globally. As Burdova (2020) says, the data of people in the EU are better protected than those in China or Russia. In addition, the governance of information disclosure cannot just target data brokers but is necessary for other digital industries. Therefore, the blog proposed some suggestions to deal with the issue of information disclosure.
Suggestions on governing privacy issues
Gorwa (2019a) points out that governing online issues is not easy work and has many potential challenges. And he asserts the governance model of multilateral participation. Similarly, Gorwa (2019b) put forward the governing methods of self-governance, external governance and co-governance. In addition, the multistakeholder model is regarded as the cooperation between different stakeholders and different regions, which is appropriate for global governance (Mueller, 2017). Therefore, the suggestions are proposed from three aspects: self-governance, external governance and the multistakeholder model.
Self-governance: corporation
Corporations are supported to take the responsibility to protect the privacy of their users or consumers. At the least, their behaviours of collecting and utilising data should be legal. And it is important to do not to attempt to use the grey zone of privacy protection to gain profits. Furthermore, corporations also need to improve the technologies to prevent personal data from being disclosed.
In addition, the corporation should be given charge of the problem that users do not want to read the Terms of Service. They should try other forms of presentation to inform users about privacy policies instead of the long and incomprehensible agreements.
External governance: government
What government needs to do is enhancing the supervision. Only government can urge corporations to take the social responsibility and supervise them to avoid pursuing profits maximum by any means. Therefore, establishing a clear governance framework to balance privacy protection and data collection and utilization.
In addition, the strict laws (i.e., GDPR) are supposed to be enacted and adopted according to the situation of each nation, pinpointing how to collect personal data, where to save, where to use, who to store them, what kind of permission should obtain before data collection and other more specific regulations.
Multistakeholder model
Meanwhile, globalization makes nations and regions no longer isolated. Therefore, the governance of privacy issues should be considered from a global perspective. The multistakeholder model can be taken into account as an effective method. It organises individuals, corporations, non-commercial organisations and governments to cooperate to discuss and develop policies to solve an issue (ICANN, 2013).
Internet Corporation for Assigned Names and Numbers (ICANN) is a representative of adopting the multistakeholder model. It is a not-for-profit organisation managing the affairs of the Internet’s Domain Name System. Through the multistakeholder model, it places stakeholders on an equal level to work for maintaining the security, stability and interoperability of the Internet.
Dealing with information disclosure can try to apply this model to invite users, platforms, data brokers, governments and other stakeholders to discuss from multi-perspective to create a safe and energetic Internet environment.
How we protect ourselves
There are some tips for you to protect your information online:
- Learn about the related policies or laws about the privacy of your nation or region and know how to protect yourself.
- Have a sense of privacy and keep your actions consistent with your attitude. For example, click “Accept all cookies” after some thinking.
- Reduce or avoid publishing your personal information online.
- Avoid downloading applications from unreliable sources and connecting to the public Internet.
- Use ad-blocking software when looking through web pages.
Conclusion
The blog takes data brokers as the case to discuss online privacy issues. It introduced data brokers and analyse its threat to information disclosure with an example of MEDbase 200 and then proposed three suggestions on how to regulate the issue from self-governance, external governance and the multistakeholder model.
In the digital era, it is no doubt that our privacy is threatened and facing the issue of information disclosure when we access applications and web pages. Fortunately, the governance of platforms is gradually getting on track. It is possible that we can find a balance point between enjoying the convenience brought by technologies and information dafty.
Reference
Bycer, M. L. (n.d.). Understanding the 1890 Warren and Brandeis “The Right to Privacy” Article. National Paralegal College.https://nationalparalegal.edu/UnderstandingWarrenBrandeis.aspx
Chang, P. (2016). Internet users’ rights and interests report: The infringement losses of Internet users reached 91.5 billion yuan. CRN News. http://finance.cnr.cn/txcj/20160624/t20160624_522483977.shtml
Federal Trade Commission. (2012). Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers.
Flew, T. (2018). Platforms on trial. InterMedia, 46(2), 24-29.
Flew, T. (2021). Regulating Platforms. John Wiley & Sons.
Gorwa, R. (2019a). The platform governance triangle: Conceptualising the informal regulation of online content. Internet Policy Review, 8(2), 1-22. 10.14763/2019.2.1407
Gorwa, R. (2019b). What is platform governance?. Information, Communication & Society, 22(6), 854-871.
Hicken, M. (2013, December 19). Data brokers sell lists of rape victims, AIDS patients, privacy group finds. CNNMoney. https://money.cnn.com/2013/12/18/pf/data-broker-lists/
ICANN (2013). Beginner’s Guide to Participating in ICANN. https://www.icann.org/en/system/files/files/participating-08nov13-en.pdf
Lazarus, D. (2019, November 5). Column: Shadowy data brokers make the most of their invisibility cloak. The Los Angele Times. https://www.latimes.com/business/story/2019-11-05/column-data-brokers
Mueller, M. (2017). Will the internet fragment?: Sovereignty, globalization and cyberspace. John Wiley & Sons.
Roderick, L. (2014). Discipline and power in the digital age: The case of the US consumer data broker industry. Critical Sociology, 40(5), 729-746.
Singer, N. (2012, June 16). Mapping, and Sharing, the Consumer Genome. The New York Times. https://www.nytimes.com/2012/06/17/technology/acxiom-the-quiet-giant-of-consumer-database-marketing.html
Suzor, N. P. (2019). Lawless: the secret rules that govern our digital lives.
Cambridge University Press
