New privacy-focused restrictions from the US government are curbing the data broker sector. These rules safeguard millions of Americans' private data against data breaches, criminals, and AI chatbots.
The Consumer Financial Protection Bureau (CFPB), which leads the project, aims to include the "surveillance industry" under rules that control credit reports and criminal records. Numerous companies working with increasingly digitalized personal data make up this market.
The CFPB intends to prohibit data brokers from selling specified categories of consumer information, such as income, criminal history, and payment histories, unless certain conditions are met. However, the possible restrictions' precise wording has yet to be approved and made public.
Another plan goal is the implementation of new restrictions on selling sensitive personal information, including Social Security numbers, names, and addresses. Data brokers from major credit reporting agencies regularly obtain these kinds of details to create their own consumer profiles.
These Fair Credit Reporting Act-issued restrictions ensure that data brokers only sell private information for legitimate business needs, including job background checks or credit assessments. This tries to stop data from being misused for training chatbots or artificial intelligence systems.
Sensitive Information Being Used in AI Development
The government announced these measures after a thorough review earlier this year found broad concerns about consumer data collection, use, and sharing. The implications of uncontrolled data sharing on vulnerable populations, including minorities, elders, immigrants, and victims of domestic abuse, were underlined in public comments made throughout the investigation.
CFPB Director Rohit Chopra said, "Reports about monetization of sensitive information are particularly worrisome when data is powering 'artificial intelligence' and other automated decision-making about our lives," as per a CNN report. He reiterated the CFPB's commitment to ensuring contemporary data brokers follow lawful data gathering and sharing methods.
Before it is officially released as a regulation, the CFPB's plan will be discussed with a group of small companies to solicit comments.
How Do Data Brokers Gather Personal Info?
A Georgetown Law attorney, Lauren Harriman, cautions that data brokers' practices are concerning as they circumvent the Fair Credit Report Act and prioritize profit over data accuracy," per Wired. She emphasizes that data brokers buy people's personal information, combine it with other data without verifying its correctness, and then sell the resulting bundle for a healthy profit.
According to a Slate article, US data brokers stealthily gather and exchange personal information, such as health problems, credit ratings, and other details. One example is the broker Acxiom in Arkansas, with data on 2.5 billion individuals, which supports profiling by insurance, marketers, law enforcement, and criminals.
Three primary techniques are used by data brokers: direct accumulation via the acquisition of applications and businesses, indirect collection through the scraping of public information, and inference using algorithms to forecast user data. Getting information on a person's beliefs can be done by detecting installed applications to infer a person's sexual orientation or religion. In order to get further insights, data brokers create models employing data points.
Read also: MOVEit Hack: Massive Medical Data Breach Exposes Millions of Americans' Sensitive Health Info