Earlier this week, the Consumer Financial Protection Bureau (CFPB) announced that it will develop rules to prevent “misuse and abuse” of people’s sensitive information by placing restrictions on data sharing by data brokers. This is a much-needed step to advance privacy, give people more control over their data, and shed light on a notoriously murky industry.

In Congressional testimony and advocacy, Mozilla has raised concerns about the opaque state of the data broker industry; it’s nearly impossible to fully understand the extent of data selling and sharing today. For this reason, our methodology for assigning *Privacy Not Included (*PNI) warning labels to the products and brands we research considers whether a company’s privacy policy indicates they can buy or sell personal information with data brokers. If we determine that they do, they earn a privacy ‘ding’. Many of the harms people experience online are the result of unchecked data collection - by data brokers and beyond. For example, sensitive health data collected in apps is typically unprotected, which can have serious consequences. Similarly, geolocation data for purchase poses a privacy and safety risk for all Americans, but especially so for the most marginalized members of society and those who face the threat of violence such as those fleeing domestic abuse.

At Mozilla, we’ve worked to push the industry in a better direction. We build privacy protections into the browser to prevent data collection and offer tools that make it harder for data brokers to create a detailed profile of consumers’ online activity. We work to improve the advertising ecosystem, where data brokers sell information to target consumers, and we help people navigate deceptive design practices that trick people into handing over their data in the first place.

That said, we can only do so much in our products and by holding companies to account. It’s undeniable that consumer data powers today’s internet. As CFPB Director Rohit Chopra noted at this week’s White House roundtable on data brokers, AI only increases the reliance on vast troves of data. CFBP’s efforts are vital and we applaud the move – but it’s only a piece of the bigger picture.

As a part of reigning in the data broker industry, consumers require a comprehensive legal framework. Federal privacy legislation, like last year’s American Data Privacy and Protection Act(ADPPA), is critical to ensuring that people have agency over their online data and can truly benefit from technologies that improve their lives, without conceding to the exploitation of their personal data.

We’re pleased to see the White House and CFPB move to tackle some of these hugely problematic practices, and are eager to delve into the CFPB’s proposed rules when they’re released. We are hopeful these efforts can be a big step forward towards protecting sensitive consumer data, and the privacy of our most marginalized groups in society.

Reem Suleiman

Reem Suleiman

Reem is the US Advocacy Lead for the Mozilla Foundation