Vermont has quietly done something no other state or federal entity has managed in the middle of global headlines about data privacy. The legislature passed a data broker law, requiring sellers of consumer personal data to register, maintain certain standards and if they don’t potentially face serious consequences.
These are brokers most consumers have never heard of because the companies serve businesses not individuals. I’ve heard these brokers referred to as modern day “garbage sifters.” Before the internet, they were going through your garbage for signs of what you buy, when, what medications, banks and that the household used so they could generate a profile and sell it to companies.
There was a line in one of the articles about the landmark law byTechCrunch that really stuck me:
“Data brokers have been quietly supplying everyone with your personal information for a long time. And advertising is the least of its applications: this data is used for informing shadow credit scores, restricting services and offers to certain classes of people, setting terms of loans, and more”.
For all the decades of laws outlawing redlining (where banks cannot discriminate based on where you live, often racially motivated), protecting our medical privacy rights (e.x. HIPAA Privacy Rules ) and consumer credit protection laws, are we now back to square one? How can there be zero accountability to the ever growing sources of data that may or may not be accurate, especially as new predictive algorithmic tools claim to make “scientific” conclusions based on the piles of information they collect?
We should all pay attention to how this law unfolds in Vermont.