Digital trust and data broker practices

So let’s talk about the quiet middlemen nobody invited but everyone’s data somehow met anyway. Data brokers. These are the companies that scrape, buy, sell, and repackage your personal information. Then they slap it on a website and call it “people search” or “public records.” Sounds harmless. It’s not. As a Cybercrimes Detective, I can tell you exactly how scammers use these sites. ✅ They look you up by name or phone number ✅They get your current and past addresses ✅Your relatives and associates ✅Your age range, emails, sometimes employment history That’s not trivia. That’s a scam blueprint. This is how scams go from random to personal. “Hi, this is your bank.” “Hi, this is law enforcement.” “Hi, this is your grandson.” When a scammer already knows where you live, who you’re related to, and what city you’re in, the lie lands harder. Trust comes faster. Victims comply sooner. Data brokers don’t usually scam people. But they absolutely fuel scams. So what can you do. 1️⃣ Manual opt-outs Most data broker sites have opt-out pages. They’re buried. They’re annoying. And there are dozens of them. But it’s free if you have the time and patience. 2️⃣ Use removal services Companies like Incogni, DeleteMe, Optery, Aura, and others will do the legwork for you. You’re essentially paying someone to play whack-a-mole with your data year-round. For many people, that’s worth it. 3️⃣ California’s new Delete Act California now allows residents to submit a single request that requires registered data brokers to delete their personal information. This is a big step. Other states are watching closely. Bottom line. You can’t stop data collection entirely. But you can reduce your digital footprint. And every record removed is one less puzzle piece a scammer can use against you. #DataPrivacyWeek isn’t just about strong passwords. It’s about starving scammers of the information they rely on. Pause. Think. Verify. And maybe… delete yourself from the internet just a little. #FraudHero #fraud #scams #databroker #fraudprevention #PauseThinkVerify #StoptheScam

Yesterday, the Consumer Financial Protection Bureau proposed a rule that would include data brokers as "consumer reporting agencies" under the Fair Credit Reporting Act (FCRA) when they sell certain sensitive consumer information (e.g., credit history, credit score, debt payments (including on non-credit obligations), or income). The proposed rule would significantly limit the ability of data brokers to sell sensitive contact information that could be used to target, harass, or dox individuals seeking #privacy protection, including domestic violence survivors, and would require them to comply with accuracy requirements, provide consumers access to their information, and maintain safeguards against misuse. Here is a link to the fact sheet for the proposed rule: https://lnkd.in/ek7jcW-y.

If you use data collected by data brokers you must ensure that individuals have expressed valid consent before carrying out your prospecting campaigns - says CNIL - Commission Nationale de l'Informatique et des Libertés in new enforcement order with a hefty fine. Responsibility for consent when using data procured by data brokers: 🔹️It is up you, in your capacity as data controller, to prove that your commercial prospecting operations are lawful (in particular, proof of consent). 🔹️ Imposing contractual requirements on your suppliers, upstream, even with some audit downstream, may noy be sufficient 🔹️If you ask your supplier to provide proof of consent and it is unable to provide this proof, you must promply cease to use the data transmitted Valid consent: 🔹️If you have consent forms and the buttons allowing users to use their data for commercial prospecting purposes much more prominent (by their size, colour, title and location), compared to the hypertext links allowing users to take part in the service/product without agreeing to this use (of a much smaller size and blending in with the body of the text), strongly encouraged users to accept and doesnt constitute valid consent. Pic from CNIL opinion https://lnkd.in/eNvPzAPU

💃🏽 Introducing Debbie Reynolds “The Data Diva” Power Play Series: Volume #6 –"Data Guardians: Ethics, Inference, and the Future of Data Privacy" "The Data Diva Power Play", a new monthly YouTube series where we dive deep into our award-winning “The Data Diva” Talks Privacy Podcast vault. This series highlights essential conversations with global experts that business leaders need to know about Data Privacy and Emerging Technology topics that matter most RIGHT NOW. 🔍 The Data Diva Power Play features four high-demand, timely podcast episodes showcasing actionable insights and groundbreaking discussions. Playlist Length:  3 hours, 10 minutes, 19 seconds In Volume #6: "Data Guardians: Ethics, Inference, and the Future of Data Privacy",  We explore: 🎯Jeff Jockisch (Data Brokers & Data Privacy) Debbie Reynolds and Jeff Jockisch dissect the opaque world of data brokers, exploring how unregulated data aggregation harms individuals and businesses. They advocate for purpose-driven data collection laws and discuss Jeff’s groundbreaking dataset tracking brokers’ unethical practices. 🎯David Kruger (Cybersecurity & Data Control) Debbie and David Kruger go into self-defending data technologies, emphasizing encryption and cryptographic controls to secure information even when breached. They critique outdated “castle-and-moat” security models and highlight the urgency of global standards for third-party data transfers. 🎯Jennifer Pierce, PhD (Ethical AI & Human-Centered Tech) Debbie and Jennifer Pierce tackle the ethical pitfalls of AI, arguing for decentralized, human-centered innovation to combat bias and corporate monopolies. They stress the need for psychological safety in tech workplaces and data sovereignty as a fundamental human right. 🎯Kurt Cagle (Semantic Web & Data Bias) Debbie and Kurt Cagle unpack the Semantic Web’s power to structure data for smarter AI, while warning of biases in rigid classification systems. They debate the ethics of inference-driven profiling and call for transparency in how algorithms shape societal narratives. 📺 Join the Conversation Watch or listen to all episodes of Volume #6: "Data Guardians: Ethics, Inference, and the Future of Data Privacy"on our YouTube playlist, and stay tuned for more impactful discussions designed to help companies thrive. 🎥 Playlist Link:  https://lnkd.in/dVKYysjx 💬 We would love your input! Share your thoughts on this volume and let us know what topics you want to see in future "The Data Diva Power Play" editions. #Privacy #Cybersecurity #TheDataDiva #AI #DataPrivacy #EthicalAI #SemanticWeb #DataBrokers #EncryptionTech #HumanCenteredTech #PrivacyRights #TechEthics #InferenceRisks #FutureOfData #DigitalGuardians Debbie Reynolds Consulting, LLC – Contact us for innovative data solutions.

Insightful article discussing the fact that, U.S. Senator Ron Wyden revealed that the National Security Agency (NSA) has been purchasing internet browsing records from data brokers, bypassing the need for a court order. This practice has raised significant privacy concerns, as it involves obtaining detailed information about Americans' online activities without their consent. For anyone remotely concerned about the individual right to privacy this should not be taken lightly. The NSA's admission of buying internet browsing records from data brokers without a court order is a significant concern for individual privacy. This practice not only bypasses legal safeguards but also highlights the opaque nature of data brokerage and the potential for misuse of personal information. The ability to infer sensitive personal details from browsing metadata poses serious privacy risks, particularly when individuals are unaware of how and where their data is being utilized. Key Points: NSA's Purchase of Browsing Records: The NSA admitted to buying internet browsing data, which includes information on websites and apps used by Americans, from data brokers. Privacy Concerns: Such metadata can reveal personal details based on individuals' browsing habits, including sensitive information related to mental health, sexual assault, telehealth services, birth control, and abortion medication. NSA's Compliance Measures: In response to Wyden's queries, the NSA stated that it has developed compliance regimes to minimize the collection of U.S. person information and focuses on acquiring only mission-critical data. Restrictions on Location Data: The NSA clarified that it does not buy or use location data from phones or vehicles in the U.S. without a court order. DoD's Stance: Ronald S. Moultrie, under secretary of defense for intelligence and security, affirmed that the Department of Defense acquires and uses commercially available information while adhering to privacy and civil liberties standards. Precedent of Data Purchase: The Defense Intelligence Agency (DIA) was previously reported to have bought domestic location data from smartphones through commercial data brokers. FTC's Action Against Data Brokers: The Federal Trade Commission prohibited Outlogic and InMarket Media from selling precise location information without users' informed consent. Outlogic is also barred from collecting data that could track visits to sensitive locations. Legal and Ethical Implications: Wyden pointed out the legal gray area in which these data purchases occur and the lack of consumer awareness about how their data is being shared and used.

Earlier today CalPrivacy announced its most recent data broker registration fine. The simple takeaway is that CalPrivacy issued its eighth fine for an entity failing to register as a data broker. However, there's a much larger picture that data brokers (and unregistered data brokers) need to be thinking about: 1️⃣ High Priority. To state the obvious, data brokers and unregistered data brokers are clearly a priority for CalPrivacy. The agency announced the formation of a special data broker strike force last month. And, don't forget that CalPrivacy's current Executive Director, Tom Kemp, was a co-author of the Delete Act. 2️⃣ Broad Definition of Data Broker. It may have flown under the radar for some given the non-stop privacy legislative and rulemaking activity in this country, but the agency's implementing data broker regulations adopted a broad definition of what constitutes a data broker (we discuss it in the below article). That definition arguably captures entities that do not traditionally think of themselves as data brokers. 3️⃣ Increased Risks. The risks of noncompliance are going to skyrocket in 2026. Right now, a failure to register will cost you $200 per day. But, once the DROP regulations go fully into effect, data brokers will need to check the opt-out platform at least once every 45 days for deletion requests and will be on the hook for a $200 fine “for each deletion request for each day the data broker fails to delete information.” Plus, CalPrivacy was careful to note in its recent data broker strike force announcement that it will also be looking for CCPA non-compliance in its investigations. The CCPA has fines of $2,663 for each violation and $7,988 for each intentional violation. 4️⃣ Increased Obligations. Not only do data brokers need to deal with the new opt-out platform, but California just passed a new law requiring data brokers to make even more disclosures as to their collection and selling/sharing activities, including whether they sell or share personal information to foreign actors. More details in the below article.

👁 Here are the slides from my talk last week "Why I HATE Data Brokers and the benefits of doing privacy the right way". Thank you to those who attended. The link to the video replay is in the comments. I covered data harms, lobbying, litigation risks, and benefits to businesses. The slides are light, but I explain them in the video. ❌ Data Harms: Discrimination- Automated decision making tools (and existing state privacy laws)- lobbyists are chipping away at the definitions in hope of creating ambiguity and limiting future enforcement. Competition- Protecting trade secrets, dynamic pricing, cloud environments increase risks. IP rights- Content creators rights vs the data needs of LLMs (and now- natl security). Commoditization- Adtech ís the most important thing in society, protected as "innovation". What about societal values? Edtech has come for our kids, captive creators of data for corp purposes, without consent or concern for educational outcomes. Social Engineering- Algos gaslighting kids into self harm, bullying, sextortion, loneliness, crime, misinformation in elections creating division, yet they are claiming the platforms are bringing people together. Safety- doxxing, domestic violence, stalking, health care, hate crimes. Privacy is a safety issue. Exclusion- Digital exclusion- what about ppl that do not have smart phones? Who is collecting data on harms to protected groups? No data, no harms proven. ✅ Benefits: Minimizing risks by implementing comprehensive privacy programs decreases likelihood of litigation, and security breaches. Building trust with customers increases brand reputation and loyalty. Reducing unnecessary third party vendors saves money on subscriptions and other contract fees, while reducing risks of litigation. Data minimization, and operationalizing retention protocols reduces storage and security costs. Mapping data lifecycles gives management better control over data assets. Continuously updated data asset inventories are necessary for mergers and acquisitions, when seeking insurance coverage, when seeking investments and raising capital, for structuring data sharing agreements, for business continuity plans, for cyber security recovery plans, for litigation reasons, and for bankruptcy and reorganization plans. 👉 Businesses do not collect data just to store and safe keep it. Find out what data you need for your businesses' goals, and only collect that data. Better data quality yields better outputs and more useful insights. You can collect less data, decrease risks, build trust, and improve the quality of the services you provide (while continuing to make profits). 😎 Lots of companies do not think they are data brokers, but their data flows suggest otherwise. I see you!

NEW for The Drum: Today, two US federal agencies – the Federal Trade Commission and the Consumer Financial Protection Bureau – are cracking down on data brokering, aiming to protect Americans' sensitive information from being shared without their consent. The FTC on Tuesday settled landmark cases against Mobilewalla and Gravy Analytics for unlawfully selling location data, while the CFPB proposed a new rule that would put data brokers under stricter federal oversight and limit their ability to sell sensitive personal data like phone numbers and Social Security numbers. Should the CFPB's proposal be adopted, advertisers' access to third-party data would be restricted, resulting in disruptions to audience segmentation and ad targeting. Luckily, many adland stakeholders have already read the writing on the wall and are shifting away from third-party data strategies, opting instead for first-party approaches and contextual targeting. Get the full story here, with commentary from Check My Ads Institute's Arielle Garcia, Compliant's Jamie Barnard and Monks' Michael Cross: #advertising #adland #adtech #digitalads #data #dataprivacy #dataprotection #privacy #databrokering #databroker #media #digitalmedia #compliance #gdpr #privacylaw #regulation #privacyregulation #tech #technews #privacynews