Over the last decade, we have experienced a digital revolution that sees people using the Internet to manage more of their daily lives.
Mobile applications, social media and search engines have become everyday tools, but their usage is accompanied by a shocking amount of hidden data collection without individuals’ knowledge or consent.
A report from Cracked Labs on corporate surveillance notes “the behaviors, movements, social relationships, interests, weaknesses and most private moments of billions are now constantly recorded, evaluated and analyzed in real-time . . .” We need to balance maintaining America’s lead on the digital front while protecting our individual liberties and personal privacy.
Companies are collecting, processing, analyzing and sharing considerable data on individuals for all kinds of purposes. Data brokers play a central role in gathering vast amounts of personal information—many times without ever interacting with individuals—from a wide range of public and private sources, which is then sold or shared with others.
The previously mentioned report broadly outlines examples of the information data brokers collect on individuals: “The profiles . . . include not only information about education, occupation, children, religion, ethnicity, political views, activities, interests and media usage, but also about someone’s online behaviors such as web searches. Data brokers also calculate scores that predict an individual’s possible future behavior, with regard to, for example, someone’s economic stability or plans to have a baby or to change jobs.”
Companies will argue that this data is needed in order to provide customized, free services, but consumers will just as rightly argue that they were never fully informed of such data collection, nor consented to it.
The Internet economy brings with it the promise of increasing consumer choice and economic prosperity, but also presents a new set of challenges and requires our vigilance. The United States has fostered the growth of a data-driven world, but we have not kept pace with a complementary consumer privacy framework to ensure proper protection. Through our leadership of the Senate Banking Committee, Ranking Member Sherrod Brown (D-Ohio) and I have begun examining approaches to data privacy and how individuals can be given real control over their personal data.
Individuals are the rightful owners of their data. They should be granted a certain set of privacy rights, and the ability to protect those rights through informed consent. We need to establish obligations for data collectors, brokers and users, and implement an enforcement system to ensure the collection process is not abused, and that data is appropriately protected.
Regulations should be clear and understandable for both collectors and consumers, and should not punish those who opt out of collection practices. Individuals should also have the ability to review their data, correct inaccuracies, and have ample opportunity to opt out of it being shared or sold for marketing and other purposes.
That is not to say that all data collection is bad. In many cases, data is used to provide value, such as risk mitigation, fraud prevention, and identity verification, or to meet certain legal requirements. But without a consumer privacy framework reflecting today’s new technologies and massive data expansion, that same collection could negatively impact an individual’s access to or cost of credit and insurance products, the types of financial products or services they are offered, or even future employment prospects.
A complete view of data collection and its protection is vital to individuals exercising their rights. The explosion of big data collection has raised important questions about how we should approach our oversight duties and bolster privacy rights, and will continue to be a major focus of the Banking Committee.