Vermont goes after the data brokers

Vermont goes after the data brokers

GDPR is not the only name in the privacy/data collection game. Vermont is leading the charge in the USA

Do you know your data brokers?

One of the big mysteries of the internet is just who is collecting data about your online activities. It’s a critical question as this information about you is sliced, diced, and resold to about anyone. Not only was the way this information was collected potentially invasive, its use can also be discriminatory – targeting people in regards to medical issues, race, and where they live. The good news: If you live in Vermont, USA – you will soon be able to find out. The bad news: If you are one of the other 325 million people living in the USA – you’ll have to wait, maybe forever.

The American privacy conundrum

The famous American Bill of Rights only goes so far in this modern age – there is no right to digital privacy. When it comes to what they are going online, Americans can expect the opposite – their activity will very likely be tracked, compiled, and resold by data brokers so they can be sent an adequate supply of targeted advertisements.

It’s not even universally clear what a data broker is or how there are. The new law from Vermont defines a data broker as a business unit that deals with the “brokered personal information of a consumer with whom the business does not have a direct relationship.”

Just in the United States, the estimated number of data brokers range from 2,500 to 4,000. And it’s really not clear how much information they have – but it’s a lot. Acxion, as a large example, reportedly has data on 500 million consumers worldwide, has 23,000 servers collecting and analyzing this data, and up to1,500 data points per person – and that’s just one company.

Vermont goes after the data brokers - in-post

Vermont is more than leaves and maple syrup

Efforts to uncover the extent of data broker activity have not generally gotten far in the US – until now. Vermont, a state most known for its beautiful Autumn maple leaves and Bernie Sanders, has changed that. The new law has three major points:

  1. Data brokers dealing with info on Vermont citizens will have to register. This will help make the marketplace more transparent.
  2. Opt-out conditions will have to be publicized. Companies will need to disclose what the opt-out options are and how people can exercise them.
  3. Data breach info. Companies will have to disclose any data breaches and the number of affected people.

While this law is not exactly earthshaking, it is a first for any of the 50 states in the USA. As such, its impact will be far greater than the state’s tiny ranking (49th state by population with just 626,000 people). It is expected that this may strengthen other efforts to rein in data brokers underway in the state of Washington.

Oh to be European

Europeans are big steps ahead of Americans on the digital privacy front thanks to the GDPR. Among other points, GDPR establishes two legs to privacy: First, personal data can only be collected and saved for specific purposes. Second, this data can be collected only with the explicit consent of the user. GDPR has meant that Europeans have recently gotten hit with a swarm of email data requests from companies wanting to continue sharing and exchanging your data. It has also meant that some companies have unveiled lists of other companies that they share your data with. PayPal, for example, shares user data with over 600 companies.

Just who is Big Brother?

In George Orwell’s 1984, Big Brother is essentially a governmental figure as it spies on individual activities. This description fits in the wake of Snowden’s revelations about the US government’s NSA spy activity, the strengthening Great Wall of China, and Russian moves against VPNs.

But what happens if this surveillance isn’t commercial? What happens if everything we do online is watched for commercial reasons so we can be sent ever larger amounts of targeted advertisements or turned down for medical insurance due to our surfing history?

Vermont is a tiny state with a very big value on personal privacy. Citizens of Vermont value their privacy at $4,125 – nearly double the US average of $2,163 according to a recent survey. While some companies might deride the Vermont effort as yet another regulatory hoop to step through, it could provide big rewards for Americans by putting more transparency into a largely hidden market for those private online activities.

As a PR Consultant and journalist, Frink has covered IT security issues for a number of security software firms, as well as provided reviews and insight on the beer and automotive industries (but usually not at the same time). Otherwise, he’s known for making a great bowl of popcorn and extraordinary messes in a kitchen.