EPIC White Paper Finds Gaps in State and Federal Privacy Law Coverage of Data Brokers 

Today, EPIC published Unbridled and Underregulated: Removing FCRA and GLBA Exemptions from Privacy Laws to Hold Data Brokers Accountable, a white paper by EPIC Law Fellow Caroline Kraczon and EPIC Scholar in Residence Justin Sherman.  

Data brokers are companies that collect, aggregate, package, and sell huge volumes of our personal data, often without having any direct relationship with consumers. Our paper surveys the landscape of federal- and state-level privacy laws covering data brokers, finding that many of these laws include exemptions for data or entities covered by the Fair Credit Reporting Act (FCRA) and the Gramm-Leach-Bliley Act (GLBA). These exemptions can let data brokers partly off the hook and allow privacy-invasive and harmful data broker activities to go unregulated.  

The paper compares the consumer rights and protections included in the FCRA, the GLBA, and state privacy laws, evaluates the negative incentives created by the current legislative and regulatory structure governing data brokers, and provides recommendations for policymakers to better protect consumers from data broker-caused harm.