Senators Propose A New Bill To Help Consumers And Hold Data Brokers Accountable
Tuesday, February 18, 2014
Senators John D. "Jay" Rockefeller IV (D.-W.Va.) and Ed Markey (D-Mass.) recently proposed the Data Broker Accountability and Transparency Act of 2014 (DATA Act, S2025) to provide accountability for companies that make money by collecting and selling information about consumers that are not their customers. The Electronic Privacy Information Center (EPIC) explained the proposed legislation:
"Under the DATA Act, consumers would be able to access their personal information, make corrections, and opt out of marketing schemes. The DATA Act would empower the FTC to impose civil penalties on violators, and would prohibit data brokers from collecting consumer data in deceptive ways."
A variety of companies collect, and sell, information about consumers. During the past 6+ years, this blog has reported about some data brokers, including ChoicePoint, Acxiom, Intelius, US Search, Spokeo, and Lexis-Nexis. Several data brokers have experienced data breaches, and some have sold consumers' sensitive personal data to organized crime. Data brokers collect a wide variety of information about consumers including but not limited to: current and past residential addresses, landline and mobile phone numbers, financial records, products and services purchased, autos purchased, retailers you shop at, and a lot more. With the growth of smart phones, mobile devices, and wearable devices, this data collection is growing quickly to also incude consumers' geo-location information and movement in the real world, health information, and exercise/workout information.
With the rise of data mining (a/k/a "big data"), companies seek to collect as much information as possible about their customers as possible. By analyzing this data, companies can deduce your favorite colors, tastes, and related preferences; including whether you are right- or left-handed. Your personal information is bought, sold, and traded between banks, data brokers, retail stores where you shop, telemarketing firms, collections agencies, and your local government.
"“Consumers have the right to access to their personal data, the ability to correct it, and opt-out from marketing purposes, and Chairman Rockefeller’s legislation ensures these critical consumer controls... The data broker industry has for too longer operated in the shadows, compiling dossiers on millions of Americans. It is time to shine a light on this industry, and Chairman Rockefeller’s legislation helps put in place a system of rules that puts consumers in control of their information. I am proud to co-sponsor this bill...”
And:
"The Data Broker Accountability and Transparency Act of 2014 (DATA Act) comes on the heels of an investigation and majority staff report by the Commerce Committee into the multibillion-dollar industry. Released in December 2013, the report revealed the breadth and scope of the sensitive data – including financial, health, and other personal information – that is routinely amassed by data brokers on consumers without their knowledge or consent. The Committee also held a hearing on Dec. 18, 2013, to examine the privacy and accountability concerns with the industry."
Kudos to Senators Markey and Rockefeller for looking after the needs of consumers. The Direct Marketing Association (DMA) opposed the proposed legislation:
"Though similar bills have died on the Senate floor previously, the Direct Marketing Association says it intends to fight the DATA Act's progress “tooth and nail” due to the high profile it receives from Rockefeller... The section of the DATA Act that most offends marketing stakeholders would compel data brokers to grant consumers access to their data with the ability to correct it at least once a year at no cost. The cost would fall on the so-called data brokers."
You would think that an industry that wants to sell accurate information would welcome corrections by consumers, who know their personal information best. It seems that accuracy takes a back seat to profitability. And, the companies making profits with the information they sell are in the best position to absorb the costs of corrections. If they can't do so profitably, then get out of the business.
Read the full text of the proposed DATA Act (Adobe PDF). Contact your elected officials and tell them to support the DATA Act.
In the interest of full disclosure, I worked for Lexis-Nexis in its Dayton, Ohio headquarters from 1984 to 1986.
The DATA Act is a good first step. But I have a more fundamental set of legal questions: First, when did our personal information cease to be ours? And second, when did the memory and processing resources of our computing devices (computers, smartphones, tablets, etc.) also cease to be ours? Now, when it comes to our personal information, such as about our health, purchases of goods and services, opinions, preferences, dislikes, etc., those things are not only about us; we are the ones who create and generate that information; we are the sole and unique authors of that information. Yet, somewhere, in the mist of Congress making sausage, that is, legislating, we ceased to own our information about ourselves.
Well, Congress divesting us of our property rights in our personal information does not comport with any tradition or principle of common law. In fact, it is quite to the contrary. The three incidents of property, use, disposition, and control would normally be vested in the property’s creator, not in those who merely collect it and then either use it to make profit or sell it to others for a profit.
Nor is there any basis in the U.S. Constitution for Congress having the authority to transfer to others our property rights in our personal information. In fact, the Constitution expressly prohibits Congress from taking a person's property without due process of law. And, if Congress were to take a person's personal information under an imminent domain-type of theory, it could only do that for a public purpose and only after providing just compensation. There are no other ways for either the Congress or a state government to take our property rights in our personal information. Yet Congress has done exactly that without due process and without being able to apply eminent domain, which clearly would not under the instant relevant circumstances be applicable to personal property.
Therefore, our property rights in our individual personal property should belong to each of us, and not to Google, Facebook, data brokers, or any third party. The only time that any third party should have the right to use, dispose of (i.e., collect), or control our personal information is where we've given our license to that third party, after giving our informed consent as the result of a fair and freely bargained and negotiation license. Since that is not the case and because congressional statute divesting us of our property right in our personal information violates either the 5th or 14th Amendments of the U.S. Constitution. The federal courts should strike that legislation down as unconstitutional and restore to each of us our property rights in our personal information.
Our rights in the memory and processing power of our computing devices has also been illegally divested. There is no question that our computing devices, at least where we’ve purchased them, are our personal property. And so it is true that we own our computing devices’s memory and processing capacity. We also either own the software on our computing devices or, as in the case of the operating system, have the exclusive license to use that software to operate our computing devices and run software. As such, the all of the memory, where RAM, ROM, hard drive, etc. is our personal property, as are the various processors and bus connections. And with the exception of Google’s Android and some other operating systems, we have the exclusive right to use our devices’ operating systems to operate our devices and run software. No one reasonable disputes this. Yet, often without our informed consent and license, third parties routinely install cookies, beacons, trackers, etc. in our computing devices‘ memory and use our software on our devices to operate that trespassing software. How did that happen? How did we lose the property rights in our computing devices to decide what, if any, software is installed on our devices, how that software functions, and what that software does on our devices?
Here, the legal antecedents are even murkier. As far as I know, neither the federal government or any state government has ever passed any law that abridges our property rights in our computing devices, nor could they constitutionally do so. So by what contractual consent or authority of law does anyone install any software or code, even one cookie, on our computing devices? Well, there is no contractual authority or law that permits a third party to do that, except in certain cases. Google, for example, requires that all users of Android devices consent to its terms to fully use Android and its various services, such as Google+ and Gmail; Facebook, likewise, require consent to its terms to even get onto Facebook, and there our other examples of that sort of thing. But absent that, no one ought to have the right to install anything on our computing devices without our informed consent. Yet they do, and routinely do it without having received our fairly and freely negotiated license.
So where have our missing property rights in our personal information and our computing devices gone? Where Congress took our property rights in our personal information, quo warranto, that is, by what right has it done that, since the U.S. Constitution gives it no such authority? Where others have violated our property rights in our computing devices by installing code/software on our computing devices without our permission, by what permission or authority of law have they done that?
Posted by: Chanson de Roland | Tuesday, February 18, 2014 at 02:12 PM