The Data Broker Accountability and Transparency Act of 2014 (DATA Act) introduced this week by Senators Jay Rockefeller (D-WV) and Edward Markey (D-MA) is not unlike earlier consumer privacy bills in that its definition of data brokers is so broad as to include small e-commerce operation. The DATA Act defines a broker as any commercial entity that “collects, assembles, or maintains” data on individuals who are not customers or employees “in order to sell the information or provide third party access.”
“By their definition, all commercial companies that share data are data brokers,” says Tony Hadley, SVP of government affairs and public policy at Experian, who took part in hearings on the data industry held by Rockefeller’s Commerce, Science & Transportation Committee. “If that’s true, then even small businesses are data brokers and this is an omnibus privacy bill. The Introduction of this bill should be a clarion call for companies large and small to get involved with this issue.”
Though similar bills have died on the Senate floor previously, the Direct Marketing Association says it intends to fight the DATA Act’s progress “tooth and nail” due to the high profile it receives from Rockefeller. “Once the chairman of the committee writes a bill like this, everybody says ‘This must be the way to go,’” says DMA SVP of government affairs Peggy Hudson. “Members of Congress are naïve on data flow and what is a data broker. This bill could be a catch-all.”
The section of the DATA Act that most offends marketing stakeholders would compel data brokers to grant consumers access to their data with the ability to correct it at least once a year at no cost. The cost would fall on the so-called data brokers.
“Most companies would have to open new authentications businesses. It would be a huge burden on them,” says DMA VP of government affairs Rachel Nyswander Thomas. “But while there’s a purpose for this kind of review when data is being used for eligibility purposes like credit card applications, marketing is not an eligibility purpose. If you don’t get a credit card because of bad information, well, that’s what the Fair Credit Reporting Act is for. But if your marketing information is wrong, you may get an offer for a blue sweater instead of a red one. No harm comes to the consumer.”
The biggest tussle Rockefeller and Markey might face is with the Federal Trade Commission, which would be called on to enforce the DATA Act’s provisions should it pass. “The requirement that consumers gain access to their data is in contradiction to an indication by the FTC in an exhaustive, two-year-long study it published in 2010,” says Hadley. “It rejected the notion as unnecessary and one that increases data security concerns.” Thomas agrees, saying that opening up customer databases would only increase the likelihood that private data could be breached by hackers.
One positive aspect of the DATA Act might be opening up the dialog on the issue of data usage transparency, according to Hadley. “Rockefeller wants to have a continuing dialog on this issue, and he’s using the proxy of data brokers to have it, which is healthy,” he says. “There’s nothing wrong with transparency. We want to meet societal expections. This bill is part of the debate.”