DELETE Act Would Require Data Brokers To Delete Personal Data

DELETE Act Would Require Data Brokers To Delete Personal Data
Photo by S Migaj on Unsplash

Given the flurry of stories over the last week regarding the activities of data brokers, it seems like a good time to review a bill released this year to regulate data brokers. There was this article on how Grindr, the gay dating app, has been selling the sensitive information of its users for advertising. In what is a timely piece, Vice shined light on the practice of selling data on people who visited Planned Parenthood locations, which SafeGraph, the “location data broker” documented in the article, has now said it will stop doing. Vice also reported that “The Centers for Disease Control and Prevention (CDC) bought access to location data harvested from tens of millions of phones in the United States to perform analysis of compliance with curfews, track patterns of people visiting K-12 schools, and specifically monitor the effectiveness of policy in the Navajo Nation.”

And while the practices in these articles may seem sensational or remarkable, they are merely the most recent in a long line of pieces of the data brokering industry. For example, in March, The Markup wrote about the documents it obtained from litigation between a data broker and one of the entities to whom it sold personal data and asserted the data broker is not sure of where all personal data is that it collects and sells. Last December, The Markup found that “Life360, a popular family safety app used by 33 million people worldwide…is selling data on kids’ and families’ whereabouts to approximately a dozen data brokers who have sold data to virtually anyone who wants to buy it.” Last year, the Wall Street Journal detailed how one now-defunct defense contractor inadvertently discovered it could track U.S. troops convening in Syria for operations in 2016. in December 2019, the New York Times obtained a dataset with fairly little trouble that was then used to track a Secret Service agent assigned to protect President Donald Trump:

The Times Privacy Project obtained a dataset with more than 50 billion location pings from the phones of more than 12 million people in this country. It was a random sample from 2016 and 2017, but it took only minutes—with assistance from publicly available information—for us to deanonymize location data and track the whereabouts of President Trump.