On 12/13, Reps. Ed Markey and Joe Barton held a bipartisan congressional briefing in which they questioned representatives of the data broker industry about their data collection and use practices. In particular, the questions focused on the collection and use of data about children.
In June, Markey and Barton sent letters to 9 data broker companies seeking information about how they collect, maintain, and sell consumer information. On 11/8, a bipartisan group of House lawmakers announced that they did not believe the companies’ responses provided a full picture of their practices.
Yesterday’s hearing included representatives from most of the 9 companies who received the letters, including Acxiom, Epsilon, and Experian. It also featured FTC and privacy group representatives.
During the hearing, FTC Chairman Jon Leibowitz highlighted the fact that data brokers are often invisible to consumers, which is why the FTC’s March 2012 privacy report called for more transparency by data brokers and targeted legislation. Data broker representatives stressed the fact that it is important to define the term “data broker,” given that the companies considered to be data brokers use information in many different ways.
In discussing data broker use of children’s information, a representative from the Direct Marketing Association noted that most data brokers do not knowingly collect information from children under the age of 13 and do not market to them. However, Leibowitz announced that the FTC intends to release an updated COPPA privacy rule by the end of the next week, and “definitely before the end of the year.” It will be interesting to see how the FTC attempts to apply the COPPA rules to data brokers given that they often lack a direct relationship with consumers.
Also discussed at the briefing was the need to protect teens, and the FTC’s recent findings regarding the insufficient level of privacy protection afforded by mobile applications. Markey stated his intent to reintroduce the “Do Not Track Kids Act” (H.R. 1895) in the next Congress.
Participants also focused on how to protect other forms of sensitive data from being misused by data brokers, such as health information not already covered by HIPPA, and certain financial information.
