Sen. Ed Markey (D-MA) introduced S. 1815 with Sens. Blumenthal, Whitehouse, and Sanders.

The DATA Act would restrict the activities of “data brokers” and require them to provide consumers access to data about themselves and an opportunity to correct inaccuracies. It would also require the auditing or retracing of internal and external access/transmission to/of that data. The FTC would write and enforce the regulations, along with state AGs.

Is a marketing research and analytics company a data broker?

Because the legislation makes no allowance for non-commercial purposes, or deidentification or aggregation, the term “data broker” would include a research sample provider, and might include almost any for-profit marketing research and analytics company.[1] Such problems plague most data broker definitions, including the one used by the FTC.

Tied up in defining a data broker is the legislation’s lack of any definition for “personal information.” The FTC would be granted extraordinary rulemaking authority (under the Administrative Procedures Act) to develop a definition at its discretion. The agency’s track record of public statements and enforcement actions indicate that the FTC considers just about any piece of information to be potentially personally identifiable, and thus covered by the DATA Act.

Access and correction rights

While accuracy is an easy expectation for the marketing research and analytics industry to meet – it is a rare researcher that doesn’t aim for the most accurate information possible – the requirement that a data broker provide consumers access to their data would prove much more problematic.

Access to consumer data may make sense in contexts where such data (particularly if inaccurate) could adversely impact a consumer’s credit rating, personal or professional reputation, or likelihood of becoming a victim of identity theft or fraud, but none of these conditions should reasonably be assumed to apply to marketing research and analytics data.

The cost of access and the ability of companies to authenticate the identity of consumers requesting access are also serious concerns and weigh heavily against marketing research and analytics companies being required to grant access. The cost of access/correction could be quite onerous, especially for smaller companies and organizations, with a potential deluge of frivolous or pointless inquiries.

Since the research process is interested in broad groups, not individuals, compiling and tracking individual consumer data would require complex and costly procedures and infrastructure not currently in use. Moreover, such tracking could lead to a much greater threat of harm from data leakage – and empower the kind of consumer tracking that many policymakers seem to fear.

The Insights Association would propose instead a ‘sliding scale’ for access/correction, to reconcile the vague benefits with the expected costs. The availability and extent of access should depend on the data actually being capable of being used for criminal or fraudulent purposes. More importantly, the use of the data should matter, and data collected, used and shared for survey, opinion and marketing research purposes should not be subject to access/correction – especially given that consumer concern focuses on data brokerage for marketing purposes, or those of credit, employment and other eligibility, not on research purposes.

The Insights Association’s position: marketing research and analytics companies should not be considered “data brokers,” and should be carved out of the DATA Act and any other such legislation.

 

[1] S. 1815 defines a data broker as "a commercial entity that collects, assembles, or maintains personal information concerning an individual who is not a customer or an employee of that entity in order to sell the information or provide third party access to the information.”