Tim Cook, Apple’s chief executive, has called for “comprehensive federal privacy legislation” in the US to establish a registry of data brokers.
He has urged the US government to undertake similar measures as Europe and its GDPR legislation to tackle the “shadow economy” of intermediaries who trade in the data of largely unsuspecting consumers.
In an op-ed for Time Magazine published yesterday (Thursday), Cook said: “One of the biggest challenges in protecting privacy is that many of the violations are invisible. For example, you might have bought a product from an online retailer – something most of us have done.
“But what the retailer doesn’t tell you is that it then turned around and sold or transferred information about your purchase to a ‘data broker’ – a company that exists purely to collect your information, package it and sell it to yet another buyer.
“The trail disappears before you even know there is a trail. Right now, all of these secondary markets for your information exist in a shadow economy that’s largely unchecked – out of sight of consumers, regulators and lawmakers.”
A registry of data brokers would give consumers access to see what data of theirs is being sold, and then the right to easily remove it “on demand, freely, easily and online, once and for all.”
In November, campaign group Privacy International filed a series of complaints against large data brokers such as Acxiom, Experian, Oracle and Criteo. It urged regulators to look into whether their businesses fell foul with GDPR.
Some of the largest data brokers have already come under scrutiny in Europe, after the campaign group Privacy International filed a series of complaints in November asking regulators to investigate whether the basis of their businesses fell foul of GDPR, the European privacy regulation.
Speaking at the time, Ailidh Callander, Privacy International’s legal officer, said, according to the Guardian: “The data broker and ad-tech industries are premised on exploiting people’s data.
“Most people have likely never heard of these companies, and yet they are amassing as much data about us as they can and building intricate profiles about our lives. GDPR sets clear limits on the abuse of personal data.”