Congressional Hearing Focused on Data Broker Collection of Sensitive Data, Including Data from Children

Congressional Hearing Focused on Data Broker Collection of Sensitive Data, Including Data from Children

Published On December 14, 2012 | By Melissa Maalouf | General
TwitterLinkedInFacebookRedditCopy LinkEmailPrint

On 12/13, Reps. Ed Markey and Joe Barton held a bipartisan congressional briefing in which they questioned representatives of the data broker industry about their data collection and use practices.  In particular, the questions focused on the collection and use of data about children.

In June, Markey and Barton sent letters to 9 data broker companies seeking information about how they collect, maintain, and sell consumer information.  On 11/8, a bipartisan group of House lawmakers announced that they did not believe the companies’ responses provided a full picture of their practices.

Yesterday’s hearing included representatives from most of the 9 companies who received the letters, including Acxiom, Epsilon, and Experian.  It also featured FTC and privacy group representatives.

During the hearing, FTC Chairman Jon Leibowitz highlighted the fact that data brokers are often invisible to consumers, which is why the FTC’s March 2012 privacy report called for more transparency by data brokers and targeted legislation.  Data broker representatives stressed the fact that it is important to define the term “data broker,” given that the companies considered to be data brokers use information in many different ways.

In discussing data broker use of children’s information, a representative from the Direct Marketing Association noted that most data brokers do not knowingly collect information from children under the age of 13 and do not market to them.  However, Leibowitz announced that the FTC intends to release an updated COPPA privacy rule by the end of the next week, and “definitely before the end of the year.”  It will be interesting to see how the FTC attempts to apply the COPPA rules to data brokers given that they often lack a direct relationship with consumers.

Also discussed at the briefing was the need to protect teens, and the FTC’s recent findings regarding the insufficient level of privacy protection afforded by mobile applications.  Markey stated his intent to reintroduce the “Do Not Track Kids Act” (H.R. 1895) in the next Congress.

Participants also focused on how to protect other forms of sensitive data from being misused by data brokers, such as health information not already covered by HIPPA, and certain financial information.

About The Author

Melissa Maalouf’s practice focuses on advising a broad range of clients, from start-ups to established companies, on both U.S. and international data privacy and security issues. Melissa assists clients in drafting appropriate website disclosures, implementing legally-compliant e-commerce flows, responding to FTC Section 5 and state AG enforcement actions, analyzing advertising claims, and children’s online privacy and safety issues. She also regularly helps clients obtain certification under the EU-US Safe Harbor and navigate compliance with divergent international privacy laws.