What If You Knew What They Knew?

By Jon Cohen:

Part One of a Two-Part Series on Data Privacy

How Your Data Is Collected, Tracked, and Sold

Every time you sign up for a loyalty rewards card at a grocery store, like a friend's post on social media, or download a free app that asks for your location, you're contributing to a growing digital file about you. Your personal data—seemingly small, everyday actions—has transcended from being just information to becoming one of the world's most valuable commodities.

Have you ever wondered why that ad for hiking boots appeared on your screen just minutes after you searched for national parks? It's not a coincidence. It's a precise calculation, a glimpse into the vast, multi-billion-dollar industry built on your personal data. 

Companies often collect, analyze, and sell this data, and you told them it was ok. Permission to do this was buried in the Terms and Services. But don't feel bad if you just clicked "Agree" without reading the 25 to 50 pages of legal terms; that is what these companies are banking on.

This article looks at how the personal information of everyday people has quietly become a valuable product. In the next part of this series, we'll talk about protecting your information and taking back some control.

What Are Data Brokers?

A data broker is a company that collects information about people from a wide range of sources. These include public records, social media, online purchases, location history, voter registrations, and subscriptions. Once collected, the data is packaged and sold to marketers, advertisers, and sometimes government agencies. 

Despite many people being unaware of their existence, data brokers play a substantial role in the digital economy. Some brokers claim to have profiles on hundreds of millions of people. These profiles can include age, income, interests, health concerns, and even details like how many kids you have or what kind of car you drive. Companies such as Acxiom and Oracle Data Cloud collect billions of data points on consumers, selling this information to advertisers and other businesses.

Where Does the Data Come From?

Think of your data as pieces of a puzzle scattered across the internet. Your social media likes are one piece, your loyalty card purchases are another, and your app location history is a third. Data brokers then collect all these seemingly unrelated pieces to assemble a comprehensive picture of who you are. The sources of this information can be found in two main places: your everyday activities and the darker corners of the internet.

What About Your Sensitive Information? Is It at Risk?

One of the more alarming parts of the data trade is that sensitive information, including Social Security numbers (SSNs), is sometimes bought and sold (and not only on the dark web). Amazingly, buying and selling SSNs in the United States is not a crime. Other sensitive information bought and sold on the dark web may have been leaked in a data breach, stolen through phishing scams, or scraped from unsecure databases. Once available, it can be used for identity theft, fake tax returns, or opening credit cards in your name. While most people assume this kind of crime is rare, major breaches happen regularly. For example, in the massive 2017 Equifax hack, the personal information of over 147 million people was exposed. This works out to nearly half of the population of the United States. Maybe even your data was leaked.

How Laws Differ Around the World

Privacy laws vary depending on where you live. In Europe, the General Data Protection Regulation (GDPR) gives individuals more control over their personal data. Companies must ask for explicit consent before collecting or sharing your information, and people have the right to request that their data be deleted. In Canada, privacy laws are stricter than in the United States but not as strong as GDPR. Canadian users can access and correct personal data, and companies face fines if they do not comply. In the United States, privacy is not governed by a single, comprehensive law. Instead, it's a fragmented landscape of state laws, such as the California Consumer Privacy Act (CCPA), and federal laws that apply only to specific industries, such as the Health Insurance Portability and Accountability Act (HIPAA) for healthcare and the Children's Online Privacy Protection Act (COPPA) for data on kids under 13. This leaves American consumers with fewer options to control or limit how their information is collected and used.

Why This Matters

The reality is that your data has value, and others are making money from it. But you have the power to control how much of it is being collected, where it goes, and how it could be used. You may be comfortable sharing certain things, but knowing and exercising your control over your personal data is essential. 

In the next article, we'll explore what you can do to take back some control. This includes reducing your digital footprint, improving online privacy, and removing personal data from certain databases. We'll also talk about the idea that your attention and engagement have value and whether companies should be paying you for your posts, likes, comments, and time.

Jon Cohen’s contributions can be found on radio, TV, and print media. Jon makes “geek speak” understandable for the masses and has been a voice in the tech community for over 20 years. A former “Geek Squad” member as well as an “Apple Genius,” he offers a fresh perspective on technology, photography, and social media. Twitter: @cohenHD