Duke’s Cyber Policy program has released a report on sensitive data of U.S. individuals used by data brokers. The report finds that data brokers are openly and explicitly advertising U.S. individuals’ sensitive information – threatening civil rights, national security and democracy. Data brokerage is a virtually unregulated practice in the United States, detail the authors.
The report examined 10 major data brokers and the highly sensitive data they hold on U.S. individuals. It finds that data brokers are sharing individuals’ demographic information, political preferences and beliefs, and whereabouts and even real-time GPS locations, including on current and former U.S. military personnel and current U.S. government employees.
The publication includes policy implications for the United States – and recommendations to protect individuals and the country. Specifically, the report recommends that Congress embed the data brokerage ecosystem into a new, strong federal privacy law, give the FTC greater authority to investigate unfair and exploitative data broker practices, and give the executive branch new export control authorities to restrict data brokers’ selling of U.S. data to certain foreign actors.
Key findings of the report
- All 10 surveyed data brokers openly and explicitly advertise data on millions of U.S. individuals, oftentimes advertising thousands or tens of thousands of sub-attributes on each of those individuals, ranging from demographic information to personal activities and life preferences (e.g., politics, travel, banking, healthcare, consumer goods and services).
- People-search websites aggregate public records on individuals and make it possible for anyone to search for major activist figures, senior military personnel and other individuals—uncovering personal information.
- At least one data broker has a data partner that openly and explicitly advertises data on U.S. individuals’ interest in political organizations, figures, and causes, including but not limited to data on those who support the National Association for the Advancement of Colored People (NAACP), Planned Parenthood, the American Civil Liberties Union (ACLU), and the National LGBTQ Task Force.
- Several of the studied data brokers openly and explicitly advertise data sharing platforms to which anywhere from dozens to thousands of companies contribute data on individuals.
- Multiple data brokers advertise the ability to locate individuals, ranging from the use of driver license records and other aggregated data to pinpointing phone geolocations.
- Three major U.S. data brokers in this report openly and explicitly advertise data on current or former U.S. military personnel.
Cyber Policy Fellow Justin Sherman, who graduated from Duke in 202o, is the report author. As a fellow, Sherman directed data brokerage research for Duke’s Privacy & Democracy Project during his fellowship through Duke’s Technology Policy Lab.