The Quiet Spread of Data Brokers Selling Your Personal Information

(Adam Engst) #1

Originally published at:

A new Vermont law that requires data brokers to register with the state has enabled a Fast Company article revealing just how many of these companies there are, and how much they know about us. You can sometimes opt out.

(Jack Clay) #2

Overwhelming. There ought to be a law… oh wait. Now all I have to do is contact 121 different companies and ask them politely to stop trafficking my data. It appears that this train has left the station and we didn’t even know there was a train!

(Seth Anderson) #3

There should be a law, in my opinion, based upon the GDPR example in the EU. I know there have been criticisms of the GDPR’s over-reach, but I wish America took the data privacy of its citizens as seriously.

(Dennis Swaney) #4

Interesting that neither Google or Facebook complied with the law!

(Adam Engst) #5

Facebook and Google aren’t covered by this law:

The Vermont law only covers third-party data firms–those trafficking in the data of people with whom they have no relationship–as opposed to “first-party” data holders like Amazon, Facebook, or Google, which collect their own enormous piles of detailed data directly from users.

(Seth Anderson) #6

Yeah, there are a lot more data brokers in existence who are excluded by the Vermont law’s first-party exclusion clause, even though several of the firms traffic in more 3rd party data than 1st party data. The law should be amended to include any firm that buys and sells personal data, no matter how it is acquired.

(Dennis Swaney) #7

Then I agree with Seth! The law should be amended to cover anyone that traffics in personal data.

(Simon) #8

Great article! :slight_smile: Thanks, TidBITS team, for linking to it and maintaining awareness when it comes to all these digital privacy issues. It appears we need it more than ever.


I totally agree. But here in the US all we seem to have is a few states that passed conflicting regulations that nobody seems to pay attention to. What we need is one federal, GDPR-like law to rule them all, including consent, security, privacy, and the right to be forgotten.

(Al Varnell) #10

But we learned last week that Facebook is in possession of data from non-members (and sells it to others), so surely the Vermont law would apply to them.

(Tommy Weir) #11

Good point Al…

I do think in time the US will implement a GDPR approach to personal data. I can only hope the implementation and the EU’s implementation match or work together… so sites only have to do it once and that’s it for both territories and legal remedies can be quickly implemented.

Here in Europe it’s been interesting, people have adapted very quickly. I no longer have access to all the information the College retains about my students. To be honest, I was irritated initially but now it seems completely appropriate, the alternative absurd.

(Al Varnell) #12

Seems the Feds are interested now.

(Seth Anderson) #13

California is pressing ahead