FTC's 'Reclaim Your Name' alone won't rein in data brokers, experts say

The Federal Trade Commission's new proposal to add some accountability to the data broker industry is merely a first step toward giving consumers some control over the handling of their personal information, privacy experts say.

FTC Commissioner Julie Brill proposed on Wednesday an industry-wide initiative, called "Reclaim Your Name," which would give consumers access to data collected on them, and the ability to correct errors. They could also opt-out having their information used for marketing.

Participation in the initiative, recommended during Brill's keynote at the 23rd Computers, Freedom and Privacy Conference in Washington, D.C., would be voluntary, so it's unclear whether it will get much support from the unregulated industry.

Data brokers are companies that collect personal information on consumers from a wide variety of sources, including the Internet, and then resell it to businesses.

In general, privacy experts welcomed the attention Brill gave to unbridled collection of consumer data, some of which is used to determine whether someone is too risky to do business with, is engaged in fraud or is ineligible to enroll in certain clubs, dating services, schools or other programs. However, whether a voluntary program is enough remains to be seen.

"I welcome the attention to the many problems consumers are having locating and managing their records at various data brokers," Pam Dixon, executive director of the World Privacy Forum, said on Thursday. "I am interested to see how many data brokers step up to the effort -- there will need to be a majority of them participating for any meaningful effort to occur."

Brill would support legislation that would require data brokers to provide "notice, access and correction rights to consumers scaled to the sensitivity and use of the data at issue." For example, people should have the opportunity to correct information used in eligibility determinations.

[Also see: The 15 worst data security breaches of the 21st Century]

Beth Givens, director of the Privacy Rights Clearinghouse, said data brokers should be regulated like credit bureaus under the Fair Credit Reporting Act. The FCRA gives consumers notice, access and correction rights for all data used in making employment, credit, insurance and housing decisions.

"The data broker industry must be regulated," she said.

Congress has investigated data brokers' use of consumer information, but has yet to make a serious effort at regulating the industry, leaving it up the FTC to do what it can.

Marc Rotenberg, president and executive director of the Electronic Privacy Information Center, would like to see the FTC do more with the authority it already has.

"The FTC has statutory authority to investigate and prosecute unfair and deceptive trade practices," Rotenberg said. "The president has already made clear in the Consumer Privacy Bill of Rights that consumers should have the right to inspect and correct their personal information held by others."

"The FTC should use its Section 5 authority (under the FTC Act) to enforce the Consumer Privacy Bill of Rights," he said.

Privacy rights group have been stepping up research and advocacy efforts aimed at putting a leash on data brokers. While Brill's proposal adds pressure to the industry, Jeffrey Chester, executive director for the Center For Digital Democracy, said it is "just one part of a growing consumer effort to rein in the out of control data broker business."

Other voluntary efforts at protecting consumer privacy have had limited success. For example, the World Wide Web Consortium (W3C) is currently working with advertisers, privacy advocates, regulators and software developers on a standard for Do Not Track. The initiative is meant to give consumers an option within Web browsers to opt-out of being tracked by advertisers while on the Internet.

So far, a consensus on how much control should be given to Web users remains elusive. "There's progress, but it's slow," Aleecia M. McDonald, director of privacy for Stanford University's Center for Internet and Society, recently told CSOonline.

Read more about data privacy in CSOonline's Data Privacy section.

Join the CSO newsletter!

Error: Please check your email address.

Tags Federal Trade CommissionapplicationsReclaim Your Nameftcdata privacysoftwaredata protectionData Protection | Data Privacybig data privacy

More about BillElectronic Privacy Information CenterFederal Trade CommissionFTCStanford UniversityW3CWorld Wide Web Consortium

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Antone Gonsalves

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts