I remember the moment, four years ago, when I realized just how well Big Data knew me. I was sitting in the newsroom one afternoon and clicked over to Facebook, where an advertisement caught my eye.
There on my screen was an image of the exact pair of hot pink Tory Burch sandals I was wearing at that very moment. On my feet and on my screen: the same color, the same style, identical twins in patent leather. I had bought them in-person, something of an impulse because they were on sale, and had never looked at them anywhere online or even visited the designer's website. But somehow, Big Data determined, these were the sandals for me. And they were right.
It was a silly thing. So Facebook knows what kinds of shoes I like. So what? But it creeped me out. How did they know? And more importantly: What else did they know?
In the United States, there's not much we can do to find out which aspects of our personal lives are being bought and sold by data brokers. That's not the case in much of the rest of the world, where there are vast data protections, entire agencies devoted to data privacy, and serious enforcement efforts.
"Generally, if information is publicly available in the United States, its use is not restricted," said Jim Halpert, a lawyer with the Washington, D.C.-based firm DLA Piper who specializes in global data regulations. "The way that a defender of the U.S. system would respond is to say people don't really care if they get more specific advertising that they might be interested in... But it goes to discrimination in a certain way rather than to the information collection itself being a harm. At some point you can collect so much information about an individual that it becomes intrusive."
Browse through DLA Piper's extensive guide to data regulations and enforcement around the world and it's clear that the United States stands out compared with more robust protections in places like Canada and Europe. (Elsewhere, protections are lesser or nonexistent.) Many European countries have central agencies dedicated to data protection. In France, individuals must give their consent before a data broker can distribute his or her data. In the United Kingdom, websites have to notify visitors of data-tracking software. Many European countries require data brokers to give individuals the opportunity to review their data profiles, and to show them how to access, change, remove, or otherwise object to the data that has been collected.
There's some dissonance to the fact that data protections in the U.S. are so slim compared with other regulations in other nations. Culturally, Americans prize the right to privacy. And there are U.S. sectors, like health care, where protecting personal data is paramount. But Americans don't even know which pieces of their personal data is swirling around out there. Your name, age, past addresses, political party enrollment, whether you own a home—sure, you might expect that kind of stuff is to be shared by marketers and others who deal in data. But data brokers specialize in inference, too, so they can figure out all kinds of super-specific details about who you are and how you live.
"For example, a data broker might infer that an individual with a boating license has an interest in boating, that a consumer has a technology interest based on the purchase of a Wired magazine subscription, or that a consumer who has bought two Ford cars has loyalty to that brand," wrote the Federal Trade Commission in a report on Big Data this week.
The FTC has been pushing for Congress to do something about free wheeling data brokers for the better part of the last decade. All this data collection is happening without consumer consent, and some the profiling that seems innocuous is actually harmful, the commission argues.
One person profiled as low-income might be inundated with sub-prime mortgage offers. Another person profiled as a motorcyclist might be flagged by insurance companies for higher rates. The categories into which consumers are sorted are incredibly detailed, and they're based on a mix of government data (like the political donations you made), publicly available data (like the relationship status on your Facebook profile), and commercial data (like how Aquafresh Extreme Clean is your favorite brand of toothpaste, a nugget of data that's linked to you because you swiped your CVS rewards card before paying).