Full Text: Data Brokers and Sensitive Data on US Individuals – Sherman, 2021
Overview: This report examines 10 major data brokers and the highly sensitive data they hold on U.S. individuals. It finds that data brokers are openly and explicitly advertising data for sale on U.S. individuals’ sensitive demographic information, on U.S. individuals’ political preferences and beliefs, on U.S. individuals’ whereabouts and even real-time GPS locations, on current and former U.S. military personnel, and on current U.S. government employees. It first describes the problem of virtually unregulated data brokerage in the United States. It then describes the findings of research conducted for this paper on data brokers openly and explicitly advertising sensitive data on U.S. individuals, including a specific analysis of data relating to military personnel. It then concludes with policy implications for the United States—including ways this data collection, aggregation, selling, and sharing threatens civil rights, national security, and democracy.
- All 10 surveyed data brokers openly and explicitly advertise data on millions of U.S. individuals, oftentimes advertising thousands or tens of thousands of sub-attributes on each of those individuals, ranging from demographic information to personal activities and life preferences (e.g., politics, travel, banking, healthcare, consumer goods and services)
- People-search websites aggregate public records on individuals and make it possible for anyone to search for major activist figures, senior military personnel, and other individuals—uncovering home address, phone number, and other information as well as the names of known family members and relatives
- Oracle has a data partner that openly and explicitly advertises data on U.S. individuals’ interest in political organizations, figures, and causes, including but not limited to data on those who support the National Association for the Advancement of Colored People (NAACP), Planned Parenthood, the American Civil Liberties Union (ACLU), and the National LGBTQ Task Force
- Oracle, Epsilon, and other data brokers openly and explicitly advertise data sharing platforms to which anywhere from dozens to thousands of companies contribute data on individuals
- Multiple data brokers advertise the ability to locate individuals, ranging from the use of driver license records and other aggregated data to pinpointing phone geolocations
- Three major U.S. data brokers, Acxiom, LexisNexis, and Nielsen, openly and explicitly advertise data on current or former U.S. military personnel; LexisNexis advertises a capability to search an individual and identify whether they are active-duty military; and other brokers likely sweep up military personnel in their larger data sets
Author: Justin Sherman is a cyber policy fellow at Duke University’s Technology Policy Lab, where he directs the data brokerage research for Duke’s Privacy & Democracy Project.