FTC’s ‘Reclaim Your Name’ alone won’t rein in data brokers, experts say

The Federal Trade Commission’s new proposal to add some accountability to the data broker industry is merely a first step toward giving consumers some control over the handling of their personal information, privacy experts say.

FTC Commissioner Julie Brill proposed on Wednesday an industry-wide initiative, called “Reclaim Your Name,” which would give consumers access to data collected on them, and the ability to correct errors. They could also opt-out having their information used for marketing.

Participation in the initiative, recommended during Brill’s keynote at the 23rd Computers, Freedom and Privacy Conference in Washington, D.C., would be voluntary, so it’s unclear whether it will get much support from the unregulated industry.

Data brokers are companies that collect personal information on consumers from a wide variety of sources, including the Internet, and then resell it to businesses.

In general, privacy experts welcomed the attention Brill gave to unbridled collection of consumer data, some of which is used to determine whether someone is too risky to do business with, is engaged in fraud or is ineligible to enroll in certain clubs, dating services, schools or other programs. However, whether a voluntary program is enough remains to be seen.

“I welcome the attention to the many problems consumers are having locating and managing their records at various data brokers,” Pam Dixon, executive director of the World Privacy Forum, said on Thursday. “I am interested to see how many data brokers step up to the effort — there will need to be a majority of them participating for any meaningful effort to occur.”

Brill would support legislation that would require data brokers to provide “notice, access and correction rights to consumers scaled to the sensitivity and use of the data at issue.” For example, people should have the opportunity to correct information used in eligibility determinations.

[Also see: The 15 worst data security breaches of the 21st Century] 

Beth Givens, director of the Privacy Rights Clearinghouse, said data brokers should be regulated like credit bureaus under the Fair Credit Reporting Act. The FCRA gives consumers notice, access and correction rights for all data used in making employment, credit, insurance and housing decisions.

“The data broker industry must be regulated,” she said.

Congress has investigated data brokers’ use of consumer information, but has yet to make a serious effort at regulating the industry, leaving it up the FTC to do what it can.

Marc Rotenberg, president and executive director of the Electronic Privacy Information Center, would like to see the FTC do more with the authority it already has.

“The FTC has statutory authority to investigate and prosecute unfair and deceptive trade practices,” Rotenberg said. “The president has already made clear in the Consumer Privacy Bill of Rights that consumers should have the right to inspect and correct their personal information held by others.”

“The FTC should use its Section 5 authority (under the FTC Act) to enforce the Consumer Privacy Bill of Rights,” he said.

Privacy rights group have been stepping up research and advocacy efforts aimed at putting a leash on data brokers. While Brill’s proposal adds pressure to the industry, Jeffrey Chester, executive director for the Center For Digital Democracy, said it is “just one part of a growing consumer effort to rein in the out of control data broker business.”

Other voluntary efforts at protecting consumer privacy have had limited success. For example, the World Wide Web Consortium (W3C) is currently working with advertisers, privacy advocates, regulators and software developers on a standard for Do Not Track. The initiative is meant to give consumers an option within Web browsers to opt-out of being tracked by advertisers while on the Internet.

So far, a consensus on how much control should be given to Web users remains elusive. “There’s progress, but it’s slow,” Aleecia M. McDonald, director of privacy for Stanford University’s Center for Internet and Society, recently told CSOonline.