The Electronic Privacy Information Center (EPIC) is urging the Consumer Financial Protection Bureau (CFPB) to take regulatory action to protect consumers from the predatory practices of data brokers, highlighting the extensive collection and sale of personal data that impacts consumers' privacy. 

EPIC is calling on the CFPB to use its authority under the Fair Credit Reporting Act (FCRA) to impose data minimization requirements, ensure the security of consumers' personal information, and protect consumer rights, according to a July 17 news release from the organization. 

"Data brokers are the hidden engine of the surveillance economy," John Davisson, EPIC's director of Litigation, said in the release. "These companies collect, process, package and sell our personal data at industrial scale with minimal oversight, transparency or accountability. The CFPB has the opportunity to change that by breathing new life into the Fair Credit Reporting Act and cracking down on the data broker industry."

In response to the Consumer Financial Protection Bureau's investigation into data brokering, EPIC submitted in-depth comments that highlighted the broad range of personal information that brokers collect and sell, the harms that pervasive data trafficking causes to consumers and the ineffectiveness of current enforcement and safeguards to protect consumers, according to the release. 

Data brokers gather information from regular behaviors such as grocery shopping, television viewing and posting on social media to create detailed profiles of people. Additionally, despite efforts to protect data, numerous data-extractive technologies are now necessary for living in the modern world, the release reported. 

Data-extractive technologies and online services that require users to give over their data in exchange for access are used in a variety of contexts, including education, employment, banking, voter registration verification and many more, according to the release. These illustrations show the universal truth that even if they tried, the average human cannot successfully evade data collecting. The technologies that let users interact with mobile applications, view websites and access online services all depend on extensive and persistent data collection.

EPIC is pushing the CFPB to utilize underused regulatory and enforcement authority under the FCRA to address the privacy issues and other dangers that data brokers pose, the release said. Enacted in 1970, the FCRA safeguards consumers by policing how businesses that generate consumer reports gather, share, accurately retain and discard personal data. But, as EPIC showed, there is a lot more that can be done under the FCRA to stop data brokers from engaging in bad business practices.

EPIC urged the CFPB to exercise its FCRA jurisdiction to defend consumer rights, establish data minimization rules and guarantee the safety of customers' personal data stored by data brokers, the release reported. EPIC specifically requested the CFPB confirm the FCRA's broad application; make clear that data brokers, fraud detection firms and identity verification firms are presumed to fall under its purview; emphasize the limited uses for which consumer reports may be sold; establish unequivocally that FCRA-covered entities are liable for both unintentional and unauthorized disclosures of personal data; and incorporate the principle of data minimization into the CFPB's rules regarding consumer reporting.