Protecting your personal information from data brokers
How aware are you that your personal information could be bought and sold without your consent—and that there are companies whose entire business model revolves around this? So, these companies, called data brokers, collect everything they can about you – where you shop, what you search online, even stuff from public records – and then sell it to other companies, mostly for ads.
The real problem lies in the lack of transparency since most people have no idea how data brokers collect, use, or store their personal information. Unauthorized sharing of personal data can result in identity theft, financial fraud, and other serious violations.
How data brokers gather information
Data brokers aggregate and analyze information from multiple sources to build detailed consumer profiles. Their data collection methods include:
Public records: Including property records, voter registration, and court documents.
Online activity: Web browsing history, search queries, social media interactions, and online purchases are tracked to build behavioral profiles.
Social media: The content you share, the posts you engage with, and the connections you make contribute to a comprehensive digital profile, offering insights into your interests and behaviors.
Purchase history: Information from loyalty cards and purchase transactions is collected and sold.
Demographic information: Data on age, gender, income level, education, occupation, and family status is compiled.
Health and wellness data: Non-medical health-related data, such as fitness app usage, prescription purchases, or interest in medical conditions, is collected..
Location and mobility tracking: Mobile apps and GPS data enable tracking of users’ movements, frequented locations, and commuting patterns.
Data exposure risks
The amount of personal data collected and sold by data brokers can lead to exploitation through scams and even blackmail.
Identity theft: Criminals who gain access to your personal data can impersonate you to open fraudulent accounts, take out loans, or file false tax returns, potentially causing financial loss and damaging your credit score.
Targeted scams: Detailed consumer profiles enable scammers to craft highly convincing phishing emails, fraudulent phone calls, and other social engineering attacks that exploit personal details and vulnerabilities.
Loss of privacy: The constant tracking and data collection undermine your privacy, exposing you to surveillance and potential manipulation. This can create a feeling of unease and a lack of control over your personal information.
In 2017, a cyberattack on Equifax exposed the personal information of approximately 143 million U.S. consumers. Criminals exploited a vulnerability in a U.S. website application to access files containing names, Social Security numbers, birth dates, addresses, and, in some cases, driver’s license numbers.
The Cambridge Analytica scandal illustrated how aggregated personal data, particularly from social media platforms, can be used to manipulate public opinion and influence political outcomes. In this case, millions of Facebook profiles were harvested without explicit consent and used to create targeted political advertisements.
Steps to protect your personal information
Protecting personal information requires consistent effort. Here are some steps you can take to minimize your exposure.
Regularly review and adjust privacy settings: Users must conduct regular audits of these settings, particularly concerning third-party application permissions, granular data sharing controls, and geolocation services. Platforms like Facebook, X, Instagram, and Google offer privacy controls that allow you to limit who can see your posts, access your data, and track your activity.
Opt-out of data collection: Many data brokers provide a mechanism for individuals to opt out of their data collection practices. Websites like OptOutPrescreen.com and DMAChoice.org allow you to request that your data not be used for marketing purposes. While opting out may not remove all your information from their databases, it can limit exposure.
Exercise caution when sharing personal details: Avoid sharing too much personal information in online forms or social media posts unless absolutely necessary and with trusted entities.
Use strong passwords and 2FA: To further protect your personal information, use strong, unique passwords for each account and enable 2FA wherever possible.
As a awareness about data brokers rises, many individuals seek out services designed to help remove or limit the personal information they have in these databases.
Data removal services help by contacting brokers to remove your information, reducing your exposure to marketing and privacy risks. Some even help you opt-out of future data collection, preventing further accumulation of your personal data across various platforms.
While these services can be effective in removing your information from major data brokers such as Acxiom and Experian, there are limitations. Not all data brokers may comply with removal requests, and some may re-enter your data into their systems over time.
Even after using a data removal service, there’s no guarantee that your personal information won’t resurface elsewhere. Additionally, the process of removal can be time-consuming, and some services charge fees for ongoing protection and monitoring, making it important to weigh the costs against the benefits.
Your rights under data protection laws
You have the right to access the personal data that data brokers hold about you and request corrections if any of it is inaccurate. In certain situations, you can also ask for your data to be deleted (this is called the right to be forgotten) or for its processing to be limited.
You have the right to transfer your data to another organization, and you can object to how your data is being used, especially for things like marketing. If decisions about you are being made automatically, you can challenge those decisions if they’re based solely on automated processes.
If you believe a data broker is misusing your personal information or violating your privacy rights, it’s important to know how to take action.
First, try to resolve the issue by contacting the data broker directly. If they do not address your concerns, you can file a complaint with the relevant supervisory authority, such as the data protection authority in the EU or the Federal Trade Commission (FTC) in the U.S. If the issue persists, you can take legal action.
In the EU, under GDPR, you have the right to sue for damages if your rights are violated. In the U.S., laws like the California Consumer Privacy Act (CCPA) also allow for legal action in cases of data privacy violations.
To protect your personal information, it’s important to stay proactive and adapt to new privacy tools and regulations. As technology advances, companies continuously update their methods for collecting, storing, and using data. New tools and laws regularly emerge that offer stronger ways to protect your privacy. By staying informed and regularly updating your security settings, you can exercise greater control over the use of your data.