Danielle McNamara

Associate Editor

Loyola University Chicago School of Law, JD 2023

The ability to purchase private data through commercial data brokers has become increasingly easy. Data brokers originally gained popularity as a way to assist marketing and advertisements, allowing companies to better communicate with their consumers. Lawmakers worry data brokers’ products have begun to cater towards law-enforcement, causing constitutional concerns.

What is a data broker?

Data brokers are essentially companies that collect and compile personal data which they then sell to other businesses. This data collection usually includes information readily available to the public. However, data brokers may also collect information online via private social media, dating profiles, cellphone tracking, website browsing, and even publicly unavailable documents such as driving records and court cases. This data is valuable to marketing and advertising companies, as they can see which businesses people frequent, where they live, and what they are interested in. The data broker market generates approximately 200 billion dollars a year and is used by countless businesses.

How do government agencies use this data? 

Although data brokers gained popularity through their focus on marketing and advertising, many have begun focusing on law-enforcement involved activity. For example, government agencies including Homeland Security, ICE, and Customs and Border Protection have used data broker Venntel Inc. to attain user location data to identify undocumented immigrants and potential terrorist group activity within the United States.

Furthermore, the Internal Revenue Service (IRS) has utilized marketing firms like Venntel Inc. to obtain cell phone GPS data in an attempt to track and identify potential criminal suspects. The IRS uses this information to investigate cybercrimes, drug trafficking, money-laundering, and other organized crime. Normally law enforcement would obtain a different variation of cellphone data through phone carriers called cell tower data, a procedure that requires a court order. However, because marketing data released by data brokers does not typically include names and cell phone numbers, governmental institutions argue that the information obtained does not invade personal privacy.

Why is this an issue?

The Fourth Amendment protects citizens from unreasonable searches and seizures. As data becomes more accessible and more detailed, it has become increasingly easy to access almost all parts of citizens’ personal information, whether by purchasing from outside sources, or simply finding the information readily available through internet searches. The line between invasion and opportunity likewise becomes blurred, especially for government officials.

While the Supreme Court has held that the Fourth Amendment does not encompass protecting information voluntarily disclosed through public social media and cell phone companies, undisclosed private information usually requires a warrant to obtain. In the 2018 case Carpenter v. United States, the Supreme Court held that the government cannot compel companies to produce cell-site records without a warrant. In the 5-4 decision, the justices grappled with the fact that with the increasingly advanced digital age, the expectation of privacy has changed and cannot fit neatly in past precedents. Nonetheless, the Court ultimately held that information such as precise locations obtained by cell carriers may not be obtained by police without a warrant.

Moving forward

While there has not been any clear indication as to where the courts stand in allowing government agencies to circumvent warrant requirements by obtaining data from broker-released information, a bill named the Fourth Amendment Is Not for Sale Act has been proposed. This bill seeks to require all government entities to secure a court order before purchasing commercially available data from sources like data brokers. Nonetheless, this bill is one of a slew of privacy bills introduced in Congress year after year that fail to leave committee.

Furthermore, a Treasury Department watchdog report generated in early 2021 warns that stricter controls on the purchase and use of personal data by government agencies without a warrant should be implemented. Although this report does not have the force of law, it demonstrates the gravity and constitutional concerns that arise through the use of data brokers and the vast information they provide to those willing to pay the price.

Several states have attempted to implement regulations on data broker usage. For example, Vermont attempted to monitor data broker activity by passing a law requiring all businesses trading information in Vermont to register for a database which allows consumers to find information about which companies sell their data and allow them to delete it. However, although many firms registered, the information they provided was vague at best and many other firms failed to register at all. Alternatively,  California passed a law allowing state residents to opt out of having their data sold and Maine has barred Internet providers from selling customers’ information.

Nonetheless, the data broker industry remains largely unregulated because there is currently no sweeping federal legislation in place. Thus, data brokers are relatively free to collect and sell personal data without the knowledge of the consumer. While there are a variety of laws protecting certain aspects of consumers’ information such as the Fair Credit Reporting Act (“FCRA”) and the Health Insurance Portability and Accountability Act (“HIPPA”), as we continue to see the data collected by brokers used by government agencies, more regulation of the data broker industry will be an important step in safeguarding the constitutional protections of citizens.