I remember the moment, four years ago, when I realized just how well Big Data knew me. I was sitting in the newsroom one afternoon and clicked over to Facebook, where an advertisement caught my eye.
There on my screen was an image of the exact pair of hot pink Tory Burch sandals I was wearing at that very moment. On my feet and on my screen: the same color, the same style, identical twins in patent leather. I had bought them in-person, something of an impulse because they were on sale, and had never looked at them anywhere online or even visited the designer's website. But somehow, Big Data determined, these were the sandals for me. And they were right.
It was a silly thing. So Facebook knows what kinds of shoes I like. So what? But it creeped me out. How did they know? And more importantly: What else did they know?
In the United States, there's not much we can do to find out which aspects of our personal lives are being bought and sold by data brokers. That's not the case in much of the rest of the world, where there are vast data protections, entire agencies devoted to data privacy, and serious enforcement efforts.
"Generally, if information is publicly available in the United States, its use is not restricted," said Jim Halpert, a lawyer with the Washington, D.C.-based firm DLA Piper who specializes in global data regulations. "The way that a defender of the U.S. system would respond is to say people don't really care if they get more specific advertising that they might be interested in... But it goes to discrimination in a certain way rather than to the information collection itself being a harm. At some point you can collect so much information about an individual that it becomes intrusive."
Browse through DLA Piper's extensive guide to data regulations and enforcement around the world and it's clear that the United States stands out compared with more robust protections in places like Canada and Europe. (Elsewhere, protections are lesser or nonexistent.) Many European countries have central agencies dedicated to data protection. In France, individuals must give their consent before a data broker can distribute his or her data. In the United Kingdom, websites have to notify visitors of data-tracking software. Many European countries require data brokers to give individuals the opportunity to review their data profiles, and to show them how to access, change, remove, or otherwise object to the data that has been collected.
There's some dissonance to the fact that data protections in the U.S. are so slim compared with other regulations in other nations. Culturally, Americans prize the right to privacy. And there are U.S. sectors, like health care, where protecting personal data is paramount. But Americans don't even know which pieces of their personal data is swirling around out there. Your name, age, past addresses, political party enrollment, whether you own a home—sure, you might expect that kind of stuff is to be shared by marketers and others who deal in data. But data brokers specialize in inference, too, so they can figure out all kinds of super-specific details about who you are and how you live.
"For example, a data broker might infer that an individual with a boating license has an interest in boating, that a consumer has a technology interest based on the purchase of a Wired magazine subscription, or that a consumer who has bought two Ford cars has loyalty to that brand," wrote the Federal Trade Commission in a report on Big Data this week.
The FTC has been pushing for Congress to do something about free wheeling data brokers for the better part of the last decade. All this data collection is happening without consumer consent, and some the profiling that seems innocuous is actually harmful, the commission argues.
One person profiled as low-income might be inundated with sub-prime mortgage offers. Another person profiled as a motorcyclist might be flagged by insurance companies for higher rates. The categories into which consumers are sorted are incredibly detailed, and they're based on a mix of government data (like the political donations you made), publicly available data (like the relationship status on your Facebook profile), and commercial data (like how Aquafresh Extreme Clean is your favorite brand of toothpaste, a nugget of data that's linked to you because you swiped your CVS rewards card before paying).
Big data knows your net worth. It knows that you have a dog. It knows when you're most likely to use a coupon. It knows your favorite brand of detergent. It knows your dress size. It knows about your last speeding ticket, and when you got the oil changed. It knows you have a hunting license. It knows whether you're pregnant—and often before you have a chance to share the news. The New York Times in 2012 told the alarming story of a teenager whose father angrily complained to Target for sending his young daughter promotional mailings for cribs and baby clothes. It later turned out the girl was pregnant, just as her data profile predicted. She simply hadn't told her parents yet.
The head of one social analytics firm recently told me that his company's software can make eight inferences about you from a single tweet. Data trackers even incorporate information about you from your offline behaviors to create more detailed profiles for companies that want to target you online.
The nine data brokers that the FTC examined for its report highlight the dizzying data-collection industry in the U.S. According to the report: data aggregator Rapleaf has at least one data point associated with more than 80 percent of all U.S. email addresses; analytics firm Corelogic has 795 million historical property transactions, 93 million mortgage applications, and property-specific data covering more than 99 percent of U.S. residential properties; and the firm Datalogix, in partnership with Facebook, has marketing information about almost every U.S. household and more than $1 trillion in consumer transactions. From the FTC report:
Data brokers acquire a vast array of detailed and specific information about consumers; analyze it to make inferences about consumers, some of which may be considered sensitive; and share the information with clients in a range of industries. All of this activity takes place behind the scenes, without consumers’ knowledge.
The FTC wants Congress to consider legislation that would require data brokers to give consumers access to their data that companies collect. And it wants people to be able to opt out of having their data traded for marketing purposes. But for now, most data brokers operate with "minimal transparency and are subject to virtually no statutory consumer protections," according to a Senate Committee on Commerce, Science and Transportation report released last year.
“Consumers deserve to know what information about their personal lives is being collected and sold to marketers by data brokers,” Sen. Jay Rockefeller, D-W.V., said in a statement earlier this year. Rockefeller introduced the The Data Broker Accountability and Transparency Act of 2014 to provide consumer protections and oversight to what he calls a "booming shadow industry that generated more than $150 billion in 2012." He said this week that the FTC report makes his earlier concerns about data brokers "stronger than ever." The measure, along with a similar bill introduced in the House, is still in the early stages of consideration before a congressional committee.
Meanwhile, the Big Data machine keeps going where you go, tracking what you do, and creating an ever clearer picture of who you are.