The Federal Trade Commission on Monday called on Congress to shed light on the opaque world of data brokers who collect and sell consumer data but remain largely invisible to the public.
In a report released Monday, the FTC called for legislation to give consumers access to personal data held by brokers and allow them to correct any inaccurate information. The commission also suggested a website where brokers could identify themselves to consumers and describe how they collect and disclose information.
Though largely unknown to the general public, data brokers gather information from a variety of public and private sources, including home purchase histories, change of address forms, credit card activity and even address information from local pizza delivery shops, according to Ashkan Soltani, a noted privacy researcher. Then they sell that data to buyers who use it for a variety of purposes, often for online marketing.
In a conference call with reporters, FTC Chairman Jon Leibowitz said Monday that data brokers are "invisible to consumers."
Privacy advocates praised the commission's call for greater transparency.
"Today, consumers face an ever growing and largely invisible data apparatus that collects and pools their information 24/7," Jeff Chester, executive director of Center for Digital Democracy, said in a statement. "The harvesting and sale -- often in real-time -- of our valuable data, including about our financial and health interests, poses a major threat to consumers."
The FTC report was based on more than 450 public comments and numerous discussions between privacy advocates and the online advertising industry.
The report sought to address ways to protect Internet users who often unknowingly reveal vast amounts of personal data as they surf the Web. Information about the websites they visit, their activities on social networks and their online purchases can all be tracked, shared and sold between businesses and within advertising networks, experts say.
The FTC report, among other things, called for Congress to create a national standard for notifying customers if their data is lost in a data breach, suggested mobile application companies -- and websites more generally -- create "short, meaningful" privacy disclosures and urged the software industry to create a "Do Not Track" mechanism on browsers to let consumers choose how much of their information is collected online and how it is used.
Last year, at least two bills were introduced in support of a "Do Not Track" mechanism but did not pass. Leibowitz said he was confident that consumers will find such a setting on their web browsers by the end of the year.
The FTC regulates the use of consumers' data online but can only take legal action against companies whose privacy practices are deemed "deceptive" or "unfair." Companies that voluntarily agree to adhere to the FTC's suggested "best practices," as outlined in the report, make themselves subject to FTC enforcement for any lapses in those standards.
Last year, the FTC took action against Google and Facebook for deceptive privacy practices. But data brokers have been a "blind spot" for the FTC because they typically don't make privacy promises to consumers, Soltani said.
Ken Wasch, president of the Software and Information Industry Association (SIIA), the principal trade association for the software and digital content industry, said his group supports a "public-private" approach to ensuring consumer privacy but does not support the report's call for new legislation.
"In light of the FTC's substantial authority in this area, we do not believe there is a need for new privacy legislation," Wasch said in a statement.
But Sen. John D. Rockefeller IV (D-W.Va.), chairman of the Senate Commerce Committee, said the committee "needs to seriously consider" the FTC's recommendations, such as requiring online companies to honor consumer requests not to have their browsing activities tracked.
"Those companies said they’d do that, and they need to make good," Rockefeller said in a statement.