While the country focuses on the U.S. Supreme Court as it considers arguments about whether the U.S. Constitution contains rights for gay and lesbian adults to enter into marriage contracts, there is another case before the Court that is arguably of equal, if not more, importance.
The current case is Spokeo v. Robins, U.S. Supreme Court, No. 13-1339. The U.S. Chamber of Commerce, Facebook, and Google have filed friend-of-the-court briefs to support Spokeo.com's position. Maybe you've heard about Spokeo.com, the people-finder website, or have even used it. This blog first reported about Spokeo.com back in 2010.
This is a Court case you'll want to follow. Why? Basically, the lawsuit is about who controls consumers' personal property: specifically, the profile information about consumers in various databases compiled by data brokers. Do individual consumers each control their profile data, or do the data brokers? You might say, the case is about whether we want accurate "bigdata" or not.
The plaintiff, Thomas Robbins a Virginia resident, originally filed a lawsuit in 2010 in California alleging the data collected and sold about him by Spokeo.com was incorrect, prevented him from finding a job, and as a result violated the Fair Credit Reporting Act (FCRA). The FCRA requires that consumers receive notice about their profile information and have the rights to view and correct their information collected by credit reporting agencies. Also, consumers have the right to lock down or prevent their credit reports from being sold by the three major credit reporting agencies: Experian, TransUnion, and Equifaz. Of course, in this case Spokeo.com claimed that it is not a credit reporting agency.
Robbins' suit was dismissed in 2011 by a lower court for lack of standing; that he hadn't proved harm. An Appeals Court reversed the lower court's decision in 2014. The U.S. Supreme Court will hear the case, and its decision will hopefully settle the matter.
University of Washington School of Law professor Anita Ramasastry analyzed the case:
"Spokeo attempts to immunize itself from FCRA violations by stating that it is not providing data for use in credit reporting. But as a recent lawsuit illustrates, Spokeo’s data is being used for such purposes, because the company may not have sufficient safety precautions... Robins’s lawsuit is not the first time that Spokeo has gotten into hot water. While it claims to be a site selling personal data for other uses (e.g., cultivating new clients, finding old friends, and evaluating prospects for business deals) it is skating on thin ice, as its data is also useful to landlords, employers, and even lenders, who may subscribe to the service as a way of doing additional background checks on people. These new types of data brokers are either unregulated, or claim that certain laws do not apply to them..."
Spokeo paid $800,000 in 2012 to settle charges by the U.S. Federal Trade Commission (FTC) that it allegedly violated the Fair Credit Reporting Act by operating as a credit reporting agency and by marketing consumers' profiles to companies in several industries without implementing methods to protect consumers as required by the FCRA. The complaint (Adobe PDF) filed by the FTC, in June 2012 in the Central District Court in California, read in part:
"Spokeo assembles consumer information from 'hundreds of online and offline sources,' such as social networking sites, data brokers, and other sources to create consumer... In its marketing and advertising, [Spokeo] has promoted the use of its profiles as a factor in deciding whether to interview a job candidate or whether to hire a candidate after a job interview. Spokeo purchased thousands of online advertising keywords including terms targeting employment background checks, applicant screening, and recruiting. Spokeo ran online advertisements with taglines to attract recruiters and encourage HR professionals to use Spokeo to obtain information about job candidates' online activities. Spokeo has affirmatively targeted companies operating in the human resources, background screening, and recruiting industries... Spokeo profiles are consumer reports because they bear on a consumer's character, general reputation, personal characteristics, or mode of living and/or other attributes listed in section 603( d), and are "used or expected to be used... in whole or in part" as a factor in determining the consumer's eligibility for employment or other purposes specified in section 604."
A 2012 survey found that most consumers are unaware about how data brokers operate. In her analysis, professor Ramasastry explained:
Plus, consumers must pay to view their full profile at Spokeo.com. Professor Ramasastry concluded that the lawsuit (bold emphasis added):
"... illustrates the gray zone in which Spokeo has been operating. It is collecting data that is not traditionally the type of data that has been used for credit-reporting purposes. Employers, banks, insurers, and landlords have typically relied on financial history: how much debt a person has, whether he or she has paid their bills on time, whether he or she has a criminal record, etc. But Spokeo and other companies are compiling even more robust data sets, with new types of profiles that creditors and others will also find useful when making decisions, so Spokeo has a product that creditors want... And the underlying issue is this: when the information is used for a major life decision, such as whether someone might be hired or not, the person affected has no recourse, or ability to correct the errors."
It's not just Spokeo.com. Other data brokers operate in the same "gray zone." One example is the mugshot industry, where its data seems similarly error-filled. Mugshots from arrest records published don't seem to be updated based upon the results of court cases when charges are dropped or when defendants are found not guilty by a court. And, there are some print mugshot publications. Plus, the mugshot industry operates in an ethically questionable manner when it charges consumers with large take-down fees to have their mugshots removed (only to reappear in another site).
What can consumers conclude about all of this? Four things:
- The data compiled by many data brokers has errors, whether they admit it or not. Consumers don't know how accurate (or inaccurate) the data compilation processes are. This can affect you. That data brokers' databases have errors should not be a surprise since errors by credit reporting agencies are well documented. the two perform similar functions.
- What consumers share online in social networking sites can affect whether or not you get a job, or even get an interview. In the rush to make money and create new revenue streams, social networking sites will sell your information to data brokers, and your profile data will find its way into sites like Spokeo.com.
- What gets decided in this case probably will have ripple impacts upon the whole Internet of things (ioT) industry, as the Internet-connected devices installed in "smart homes" collect even more information about consumers' habits, movements, purchases, utilities, and product usage.
- There are rarely-discussed ethical issues. Is it right for data brokers to sell information about consumers they know isn't correct, and pretend that it is? Is it right for data brokers to charge consumers a fee to see their own profile data? After all, without consumers data brokers like Spokeo wouldn't have anything to sell. Is it right for creditors and employers to sue data brokers' sites with incorrect information?
My opinion: if it walks like a duck, quacks like a duck, and smells like a duck, then it probably is a duck. Spokeo claims it's not a credit reporting agency, but it surely operates like one. The FTC case highlighted the company's operations with procedures that may not prevent creditors from performing FCRA applications. Think of it this way: to find somebody online, you can simply search Facebook, one of the major search engines, or a white-page telephone site. So, the data compiled by Spokeo seems intended for more advanced purposes beyond finding people. Spokeo can't and shouldn't have it both ways: enjoy the benefits and revenues without complying with the FCRA requirements.
At some point, one has to hold companies accountable for selling error-filled information. If not, then you have chaos. What are your opinions?