Privacy Expert Urges Policy Overhaul to Combat Data Brokers’ Practices

Privacy expert Yael Grauer, known for creating the Big Ass Data Broker Opt-Out List (BADBOOL), has a message for those frustrated with the endless cycle of removing personal data from brokers’ databases: push lawmakers to implement meaningful policy reforms. Speaking at the ShmooCon security conference, Grauer likened the process of opting out to an unwinnable game of Whac-A-Mole, where users must repeatedly fend off new threats to their data privacy. 

Grauer’s BADBOOL guide has served as a resource since 2017, offering opt-out instructions for numerous data brokers. These entities sell personal information to advertisers, insurers, law enforcement, and even federal agencies. Despite such efforts, the sheer number of brokers and their data sources makes it nearly impossible to achieve a permanent opt-out. Commercial data-removal services like DeleteMe offer to simplify this task, but Grauer’s research for Consumer Reports found them less effective than advertised. 

The study, released in August, gave its highest ratings to Optery and EasyOptOuts, but even these platforms left gaps. “None of these services cover everything,” Grauer warned, emphasizing that even privacy experts struggle to protect their data. Grauer stressed the need for systemic solutions, pointing to state-led initiatives like California’s Delete Act. This legislation aims to create a universal opt-out system through a state-run data broker registry. While similar proposals have surfaced at the federal level, Congress has repeatedly failed to pass comprehensive privacy laws. 

Other states have implemented statutes like Maryland’s Online Data Privacy Act, which restricts the sale of sensitive data. However, these laws often allow brokers to deal in publicly available information, such as home addresses found on property-tax sites. Grauer criticized these carve-outs, noting that they undermine broader privacy protections. One promising development is the Consumer Financial Protection Bureau’s (CFPB) proposal to classify data brokers as consumer reporting agencies under the Fair Credit Reporting Act. 

This designation would impose stricter controls on their operations. Grauer urged attendees to voice their support for this initiative through the CFPB’s public-comments form, open until March 3. Despite these efforts, Grauer expressed skepticism about Congress’s ability to act. She warned of political opposition to the CFPB itself, citing calls from conservative groups and influential figures to dismantle the agency. 

Grauer encouraged attendees to engage with their representatives to protect this regulatory body and advocate for robust privacy legislation. Ultimately, Grauer argued, achieving meaningful privacy protections will require collective action, from influencing policymakers to supporting state and federal initiatives aimed at curbing data brokers’ pervasive reach.