By Mia Hanuska
I highly value digital privacy. I try to keep my digital footprint as small as possible; these articles for The Shield are some of the only results that show up when I google my name. My accounts for Instagram, Youtube, Pinterest—even my email—do not contain my real name and are all private. I take that extra step to customize cookies on a website I’ll be on for two seconds. In today’s society, this level of caution online is abnormal, I mean, what’s the point of it anyways?
Our internet is crammed with data brokers: companies that buy and sell personal information, collected from peoples’ online data and fueled by peoples’ activity. Web browser activity, public records, commercial sources, and checking “I agree” allow these companies to form a personalized profile of users. These profiles are then sold for marketing, risk mitigation, health insurance, and, arguably the worst, people search sites. Businesses will purchase profiles to help them better target their advertisements, which benefits them through making their ads more successful and profitable. Moreover, a website may buy information to lower the risk of fraud by comparing the information the website holds about a consumer with the information the user enters when purchasing.
Health insurance charges a rate based on a patient’s risk of complications—which can be influenced by what pills or symptoms someone may have searched for in the past. Since their online activity is collected in a personalized profile, any information possibly searched for a friend, family member, or simply from curiosity may cause health insurance companies to charge a higher rate under the false pretense that the patient has more health complications than in reality. Castlight Health, an app for businesses to provide health insurance, exemplifies this greatly, they advertise a “360° view of each member” through “user behavior,” and used to boast about consumers receiving personalized care after only a simple Google search. However, for those whose professions require learning about different conditions, such as writers and doctors, or those simply curious, this adversely affects them—their learning is directly affecting how much they must pay for health insurance.
Similarly, over 90% of medical websites contain code that sends user’s information to third-party data brokers. Unfortunately, since a large portion of users on these websites are older adults, and since they are often unfamiliar with the internet, they do not have as many privacy protections enabled, making them more susceptible to online health scams.
Lastly, people search sites are a type of data broker that allows people to pay a fee in order to access personal information about someone. This information can be used for doxing, social engineering, and identity theft. It also harms consumers by making them more vulnerable to phishing and scam emails. Additionally, phone numbers and addresses are often included in the listed information, which raises concerns for abuse or assault victims who require anonymity for their safety.
These data brokers are completely legal in the United States. Few laws protect users’ online privacy, and the laws that claim they do in actuality cover very little real information. In 2010, and later updated in 2019, Senator Josh Hawley introduced the Do Not Track Act, legislation that would allow users to opt-out of the collection of their data, but the proposal ultimately failed in congress due to lack of support in 2018. Luckily, California passed the California Consumer Privacy Act of 2018 and Vermont approved their Data Broker Act, which enacted restrictions on data brokers and required them to register with the Secretary of State and provide information about their practices. This legislation does not inherently protect personal information, but instead forces websites to offer an opt-out option to consumers and gives the public a list of data brokers in these states. Unfortunately, these acts only apply to the companies in California and Vermont—companies based in any other state can still operate freely.
The United States federal government must make efforts to protect consumers’ privacy. Countless other countries have legislation on this already: Australia, Canada, the United Kingdom, and European Union all have their own versions of data privacy acts. The United States needs to take inspiration from these regulations and craft their own to defend their citizens. Consumers should not have to take the privacy measures themselves and simply trust that websites are respecting them; they must be legally protected to ensure full safety. Laws must be passed, especially for those—often the elderly and young children—uneducated on online privacy, as they are most susceptible to getting their information stolen and sold without them even knowing.
I take extreme measures to attempt to protect what information about me is available online. I shouldn’t have to worry about this; my privacy should be protected. But until I can ensure safety online, I will continue to exercise caution online—and so should you. People, and their personal information, are not products. United States government: stand up for your citizens.