September 12, 2013 | By Adi Kamdar

Data Broker Acxiom Launches Transparency Tool, But Consumers Still Lack Control

Acxiom, a data broker that collects 1,500 data points per person on over 700 million consumers total and sells analysis of such information, is trying to ward off federal privacy regulations by flaunting transparency—a diluted term, in this case—around user data. The company just launched AboutTheData.com, a site that will let users see and edit some information that Acxiom has about them—only "some," since Acxiom's analytics reveal far more information about you (living habits and personal preferences) that isn't readily available to you, but is sold to partner companies.

Everyone should be deeply concerned about data brokers. These companies are scavengers for very personal data, amassing details about everything from "major life events" (like a wedding or a baby) to your browsing history and shopping habits, and they have even begun exploring business relationships with social media giants like Facebook and Twitter. And once this data is collected, it's a small step away from government agencies and law enforcement. (There was hubbub around Acxiom and travel information, which the government collected and inadvertently shared.) ACLU has an excellent breakdown of Acxiom after the company released operational details in response to a Congressional inquiry.

The Federal Trade Commission (FTC) has launched an in-depth investigation into data brokers to see what information they gather and how it is used. Commissioner Julie Brill recently wrote an op-ed demanding transparency around what user data is being collected through a voluntary "Reclaim Your Name" campaign.

As Commissioner Brill notes, these companies "load all this data into sophisticated algorithms that spew out alarmingly personal predictions about our health, financial status, interests, sexual orientation, religious beliefs, politics and habits." These nuggets of information are subject to limited protections, leaving the door wide open for abuse. And consumers have extremely little control. Not only do we not know what information—correct or not—has been collected, but we often have limited means of opting out.

Of course, checking Acxiom's database requires entering personal information about yourself (name, address, birthday, Social Security number) before you can view or edit your information. This entered information, their privacy policy indicates, "may be shared within the Acxiom Corporation family of businesses" to fulfill a request. Users who are wary of entering their personal information should proceed with caution given the wording of this privacy policy, since there is no clear indication that entering your information will be used only to look up your records and will not itself be saved.

Being able to edit one's information is critical—aggregated misinformation by companies like Acxiom has cost people jobs. And users of the new site have had mixed-to-negative results. Folks are often shocked by how mistaken some of the data is about them, leading some to suggest that AboutTheData.com is simply a free, crowdsourced data cleaning service for Acxiom. Since the new site came out, some have carefully questioned if transparency is helpful in this case at all.

Though limited, it is encouraging to see a company take this step towards transparency—there's even a clearly marked opt-out button. But this isn't enough at all. And we have to remember that Acxiom is just one entity in a field of over 250 data brokers.

It's too soon to tell if Acxiom's move will cause a domino effect, or whether transparency and privacy are truly points of competition. "Self-regulation" by the data broker industry leaves much up in the air—especially when highly personal information at stake. The FTC has called for information about data brokers to be amassed on one centralized site, and there's no reason for that site not to have a simple one-click opt out. Legislative efforts—especially in California—are taking steps to empower consumers. One, AB 370, would update California's Online Privacy Protection Act (CalOPPA) and require websites to clearly explain to their users how they respond to Do Not Track signals. Another, California's Right to Know Act, would also allow consumers to request exactly what information companies have about them, as well as who they're sharing such data with.

Ultimately, we need a system with teeth that allows consumers to take fuller control of data about them.


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

ICYMI: Major security research published this week. Read about the Logjam vulnerability and see if you're affected: https://weakdh.org/

May 22 @ 12:26pm

Patent bully abandons lawsuit against online photo hobbyist, avoiding courtroom showdown with EFF https://eff.org/r.t7ad

May 22 @ 12:16pm

Right now: @SenSanders speaking out against government overreach and the perils of too much surveillance: https://eff.org/r.7k83

May 22 @ 12:01pm
JavaScript license information