In recent developments, privacy advocates have raised alarms over data brokers potentially violating state laws by selling personal information without proper registration and transparency. This situation impedes individuals from understanding what personal data is collected and sold, as well as from exercising their right to opt out of such practices.
State-Level Privacy Regulations
Unlike the European Union’s stringent General Data Protection Regulation (GDPR), the United States lacks a comprehensive federal privacy law. However, four states—California, Oregon, Texas, and Vermont—have enacted legislation requiring data brokers to:
– Register with state authorities.
– Disclose the types of personal data they collect and sell.
– Provide residents with the option to opt out of data collection and resale.
Alleged Non-Compliance by Data Brokers
Investigations by the Electronic Frontier Foundation (EFF) and the Privacy Rights Clearinghouse (PRC) have uncovered that numerous data brokers have failed to register in all the states where they operate. This non-compliance prevents consumers from accessing information about their personal data and from opting out of its sale. The EFF emphasizes the urgency of addressing this issue due to the sensitive nature of the data involved, which can include location information and other personal details. Such data can be exploited for targeted advertising, discrimination, and even government surveillance. Additionally, the widespread dissemination of personal data increases the risk of data breaches, making it easier for malicious actors to engage in phishing, harassment, or stalking.
Broader Implications and Industry Practices
The problem may be more extensive than current findings suggest. The EFF and PRC’s analysis primarily identified brokers registered in at least one state but not all four, indicating that there could be others operating without registration in any of the states. This lack of compliance underscores the challenges in regulating the data brokerage industry and protecting consumer privacy.
Federal Regulatory Efforts and Setbacks
In December 2024, the Consumer Financial Protection Bureau (CFPB) proposed new regulations to limit the sale of Americans’ personal information by data brokers. These rules aimed to subject data brokers to the same regulations as credit reporting agencies, ensuring better protection against data misuse. However, in May 2025, the Trump administration scrapped these proposals, citing a shift in policy goals and legal concerns under the Fair Credit Reporting Act. This rollback has been criticized by consumer advocates, who warn that it leaves the public more vulnerable to fraud and identity theft.
Industry Response and Legal Actions
The Federal Trade Commission (FTC) has taken action against data brokers engaging in questionable practices. In December 2024, the FTC settled with two data brokers, Mobilewalla and Gravy Analytics, for selling data that tracked individuals’ religious and political beliefs and pregnancy status without consent. These companies agreed to cease using data on visits to sensitive locations and to implement opt-out mechanisms for individuals. This settlement marked the first instance of the FTC prohibiting the gathering of location data through online ad auctions, reflecting a growing concern over consumer privacy.
Corporate Advocacy for Privacy Legislation
Tech companies have also voiced concerns over data broker practices. Apple CEO Tim Cook has called for comprehensive federal privacy legislation in the U.S., criticizing the shadow economy of data brokers that collect and sell personal information without consumer consent. Cook emphasized the need for transparency and consumer control over personal data, highlighting the challenges posed by data brokers operating with little oversight.
Conclusion
The alleged non-compliance of data brokers with state laws highlights significant gaps in the regulation of personal data collection and sale in the United States. While some states have enacted laws to protect consumer privacy, the lack of a unified federal approach leaves many individuals vulnerable. The rollback of proposed federal regulations further complicates efforts to safeguard personal information. As the debate continues, it is crucial for consumers to be aware of their rights and for policymakers to consider comprehensive measures to address the challenges posed by the data brokerage industry.
