Data brokers should stop trading health and location data, new bill proposes

Senators introduced a bill on Tuesday that would prohibit data brokers from selling or transferring location and health data.

Data brokers have drawn attention this year by leaking several large databases, with the worst being the National Public Data leak. The data breach made international headlines because it affected hundreds of millions of people, and it included Social Security Numbers.

All this when data brokers had already been faced with reforms in the shape of the American Privacy Rights Act (APRA). Hwoever, APRA is not expected to pass before Congress wraps up for the year, and some lawmakers feel the need for extra data regulations.

The newly introduced “Health and Location Data Protection Act of 2024” would provide the Federal Trade Commission (FTC) with $1 billion for enforcement and give the FTC, state attorneys general and victims of data broker abuses the right to sue brokers for violating the law.

Location data are considered extra sensitive because they can be abused by stalkers. Health information often includes highly personal and intimate details about an individual’s life, such as medical history, mental health status, substance abuse, family planning, and genetic testing results.

The bill also mentions a third category which includes other categories of data that address or reveal location or health data.

Data brokers come in different shapes and sizes. What they have in common is that they gather personally identifiable data from various sources. These sources can range from publicly available data to data sets stolen in cybercrimes. They then sell the gathered data for several purposes.

Background checks are required for specific jobs, as well as some insurance policies, loans, and other financial transactions, but some data brokers just deal in marketing and advertising related information.

One of the main dangers of all these data brokers is that they trade amongst themselves. Because of this they not only gather information about more and more people, but also get their hands on information that isn’t even relevant to their field of expertise.

To the victims of a data breach at one of these companies the origin of the stolen data is often a mystery. They have no direct contact with the companies and are usually unaware that they have information about them in the first place.

So, we can only hope that the senators get at least this bill passed prior to the end of the current Congress, or else it will all have to start over again in the next year.

We don’t just talk about your data, we help remove it from broker sites

Cybersecurity risks should never spread beyond a headline. Clean up your data using Malwarebytes Personal Data Remover (US only).