What internet data brokers have on you — and how you can start to get it back
D3sign | Moment | Getty Images
Data brokers have long operated in the shadows of the internet, quietly amassing unprecedented amounts of personal information on billions of people across the globe, but few realize just how deep this data collection really goes.
In an age where every move you make online — every click, every purchase, every “like” — is meticulously harvested, packaged, and sold for profit, aggregated personal data has become a valuable commodity, and the global data broker industry is proof of that.
The rise of artificial intelligence tools poses the risk of even more personal information being scraped from the internet and an already opaque world of data brokering becoming even more aggressive, and that is heightening data privacy concerns. A 2023 study from Pew Research found that the American public increasingly says it does not understand what companies do with their data. According to Pew, 67% of Americans say they “understand little to nothing about what companies are doing with their personal data, up from 59% in its previous survey on the subject in 2019. A majority of Americans (73%) think they have “little to no control” over what companies do with their data.
Many people are unaware that something as simple as their phone number can be used by data brokers and bad actors to uncover highly sensitive information, including a Social Security number, address, email, and even family details, said Arjun Bhatnagar, co-founder and CEO of Cloaked, an app that disguises your personal information by generating a unique “identity” for each online account you have.
According to Roger Grimes, an expert at cybersecurity education firm KnowBe4, while many data brokers —especially the more well-known players — sell information responsibly, some of the smaller, unknown brokerages skirt regulations, push ethical boundaries, and exploit data in ways that can lead to misuse or harm. This is partly due to the hazy regulation landscape around data brokerage, which makes it easier for these practices to go unchecked.
Some of the largest providers of data brokerage services include Experian, Equifax, TransUnion, LexisNexis, Epsilon (formerly Acxiom), and CoreLogic, according to a ranking from OneRep, an online personal data management service. People-search services Spokeo and Intelius are also among the top data brokers, according to OneRep. These companies operate across multiple industries, handling both publicly available information and more sensitive consumer data. They offer various services, ranging from marketing analytics to credit scoring and background checks, and all of them have processes for requesting your data or asking for it to be deleted. However, depending on the state you live in, they may not have to comply.
Experian, Equifax and TransUnion are a good place to begin to understand how much the data industry has grown. While many consumers know these companies for their credit services, those are now just one piece of the revenue pie, with broader digital marketing of data increasingly important, according to Jeff Chester, founder and executive director of the Center for Digital Democracy, a Washington, D.C.,-based consumer privacy advocate. And data collection spans much farther across the economy, with companies from grocery stores offering discount programs to streaming video services amassing data that others will pay for. “Today, everyone is a data broker. Having the ability to reach someone online and target has become a core part of business,” Chester said.
“I try to lock down everything as much as I can, but I’m also aware that even though I’m a security expert, I’m probably overexposed,” said Bruno Kurtic, president and CEO of data security firm Bedrock Security.
As a basic step to limit financial risks, he recommends that all individuals freeze their credit reports as a proactive measure against identity theft and to prevent malicious actors from opening new accounts or loans in their name.
Inside data brokers’ massive vault
Cybersecurity experts estimate that data brokers collect an average of 1,000 data points on each individual with an online presence.
“It behooves them to collect as much as humanly possible about you, because the larger the information pool about you and the more specific they can get, the higher the cost of that data,” said Chris Henderson, senior director of threat operations at Huntress, a cybersecurity company founded by former National Security Agency personnel.
Here’s a breakdown of the types of information data brokers typically collect, according to privacy experts interviewed by CNBC:
- Basic identifiers. Full name, address, phone number, and email.
- Financial data. Credit scores and payment history.
- Purchase history. What you search for online, what you buy, where you buy it, and how often you buy certain products.
- Health data. Your medications, medical conditions, and your interactions with health-related apps or websites.
- Behavioral data. Insights into your likes, dislikes, and the types of ads you’re likely to click on.
- Real-time location data. GPS data from apps that track your commute, where you shop, and how often you visit certain places.
- Inferred characteristics. Based on you’re your browsing and media consumption — the websites you visit, articles you read, videos you watch, data brokers draw insights about your lifestyle, income, preferences, religious or political beliefs, hobbies, and even your likelihood of charitable giving.
- Relationships with family, friends, and colleagues. By analyzing your network of friends, followers, and connections on social media and messaging apps, data brokers can map out your relationships and even track how frequently you interact with certain individuals to determine the depth of your bonds.
Little oversight around data privacy
The lack of comprehensive regulation around data privacy allows data brokers to operate with little oversight, unlike the General Data Protection Regulation (GDPR) in the European Union.
“There is no comprehensive federal privacy law that specifically regulates the industry, which makes it hard to combat them,” said Chelsea Magnant, adjunct instructor of cyber leadership at NYU’s Center for Global Affairs and a director at corporate consulting firm Brunswick. “We essentially have a patchwork of state laws with varying privacy protections that these companies know how to navigate.”
California was the first to enact comprehensive legislation in 2018 with the California Consumer Privacy Act, giving residents more control over their personal data. In 2020, California voters approved an expansion of the CCPA, called the California Privacy Rights Act, which took effect in 2023. It offers the most extensive protections in the U.S., including data correction, limiting the use of sensitive information, and requiring businesses to honor opt-out preference signals. It also imposes stricter data-protection obligations on companies, such as minimizing data collection.
Since then, about 20 other U.S. states have followed suit; however, the specific rights and thresholds for which companies must comply vary widely between states.
“Different states have different business environments, economies, and viewpoints. This lack of a unified approach, something that protects all citizens across the country, leaves us vulnerable to data brokers,” said Rob Hughes, chief information security officer at RSA.
Even in states where the privacy laws are strict, there is skepticism that smaller companies on the margins of the data brokerage industry will follow them. “They have extremely sensitive data sets under their management, and they have to essentially behave like the most sensitive enterprises. And we know that some of these data brokers just don’t operate businesses like that,” Kurtic said.
How to take control of your data
To start protecting your privacy, it’s important to rethink how much personal information is shared on a daily basis, says Cloaked’s Bhatnagar. While we can’t fully hide, consumers need to develop new habits and tools to limit what we expose, from turning off permissions that track your location to saying no to cookies and refraining from posting personal details online. Additionally, using tools like secure browsers, VPNs, and tracker blockers can help.
Some of the largest technology companies in our daily lives, such as Apple, are continually updating and adding to privacy options, such as on the new iPhone and latest iOS update.
An Equifax spokeswoman said U.S. consumers can opt out of their personal information being shared in accordance with U.S. state privacy laws. On average, she said, opt-out requests made through the Equifax Privacy Preference Center are processed in less than one business day and consumers are informed of a successful submission through the company’s Preference Center. Consumers can also review the types of third-parties that companies such as Equifax share personal data within its privacy section.
Opt-out links and instructions are readily available for most of the major data brokers:
But data privacy experts says reclaiming or deleting your data from brokers can be a deliberately complex process that is not only time-consuming but frustrating. Each broker has its own opt-out requirements, and even after you’ve removed your data, it often reappears, sourced from other places.
“Removing your data from their systems impacts their bottom line, so they are disincentivized to make this easy for you,” said Henderson. “Ultimately, if you remove the information, they can’t sell that. So the more people who request their information be removed, the less attractive of a broker they are to the advertisers.”
There are data-removal services, such as DeleteMe, Kanary, OneRep, and PrivacyDuck, which charge a fee to manage these ongoing tasks, and are becoming increasingly popular. In October, Consumer Reports launched Permission Slip, a free app that helps you control which companies can collect, store and sell your personal data. It relies on donations to keep it going, either through the app or the Consumer Reports website.
For those opting for the DIY approach, here’s what the data privacy experts interviewed by CNBC recommend to get started:
Identify the brokers collecting your data. As already stated, this can be a daunting task, as many operate behind the scenes. However, there are a few methods you can use to track them down, says Henderson. One is to conduct a Google search using your name, phone number, and email address and see which brokers pop up. You’ll most likely find your name on sites like Spokeo, Whitepages, or MyLife. Another strategy is to visit the websites of the largest data brokers and search your information.
Submit opt-out requests. If you live in a state with data privacy regulations, you can submit a request to delete your data on the opt-out page of these companies’ websites, including at the links listed above, so they cannot share your data with third-party companies. It’s important to note that each broker may have different processes for handling these requests and state laws vary when it comes to what types of data are covered. Some data brokers may also require you to provide identification or verify your identity.
Check your results. After submitting opt-out requests, revisit the data brokers’ sites periodically to ensure your data has been removed. It may take several weeks or months for your request to be processed.
Engage in digital hygiene practices. Regularly reviewing and updating your online security practices is essential. Secure passwords, two-factor authentication, and encryption tools can help protect your information. Using virtual identities, such as alternative email addresses and phone numbers, can further safeguard your personal information.
Seek legal recourse if necessary. If a data broker refuses to comply with a deletion request, you may be able to file a formal complaint with regulatory authorities such as the Federal Trade Commission, which has brought cases against the industry.
However, it’s important to understand that not every state provides the same level of protection. Consult a privacy attorney if you believe your rights have been violated.
‘The future is unfortunately dark’
Experts say deleting the data is an imperfect solution, “a Band-Aid to address a gaping wound,” according to Chester.
“Consumers have been placed in a bad position,” he said. “Data is now a form of payment,” he added, referring to cases where the consumer wants a discount in the grocery store or pharmacy. “This is a comprehensive privacy problem which requires Congress or the FTC. The idea an individual can take care of their privacy … you can shut down a tiny bit of it, but you would need to spend a great deal of time, and once you opt-in to get a discount at a store, it all starts over again.”
The future of the data broker industry looks both promising and troubling as technological advancements continue. Javad Abed, assistant professor of information systems at Johns Hopkins Carey Business School, warns that data brokers will continue to evolve as AI and machine learning advance.
“With AI, data brokers will create even more detailed and predictive profiles, incorporating everything from biometric data to behavioral tracking,” Abed said. “The problem will increase, and things are going to become more complicated.”
Abed sees potential in blockchain and privacy-enhancing technologies, which could disrupt the data brokerage model by increasing transparency and giving individuals more control over their digital identities. However, he remains skeptical: “The future is unfortunately dark. It needs to be collaborative work. I don’t see the motivation right now from the main actors for a collaborative change.”
“Telling our grandmothers or a child to configure settings on their social media and their browsers and search engines is not a winning proposition,” Kurtic said. “It’s going to take a combination of regulation, technology on the vendor side, and know-how on our own personal side.”
Until regulation steps in, data brokers will continue to collect as much data as possible. “These are revenue streams for companies that might not have other recurring revenue streams,” Henderson said. “And given there’s no regulation stopping businesses from selling information about you, I don’t see the practice stopping, especially given how lucrative it is.”
Each year 36 million trees fall due to decay, disease, natural disasters or clearing for new development. The vast majority of those trees are either burned, sent to a landfill or ground up for mulch, which wastes energy and causes carbon emissions.
Now, new technology is being used to find, transport and recycle that wood and make it useful once again.
Cambium is a startup aiming to disrupt the wood recycling space. Its Baltimore-based researchers are working on new ways to track, treat and transfer old wood into the supply chain. It bills itself as the platform “where timber meets tech.”
“We make it really easy to source wood that would have otherwise been wasted and we build technology for the wood industry so that we can save material, create new local jobs and address climate change at scale,” said CEO Ben Christensen.
Every piece of Cambium’s “carbon smart” wood has a barcode. Scan it, and Cambium’s app will identify what the species is, when it was milled and what its grade is.
Cambium’s technology helps find, recycle and then deliver the wood across the United States and to parts of Canada. The company works with local tree care services, trucking companies and saw mills as well as companies like Amazon, CBRE, Gensler and Room and Board.
“We help truckers coordinate loads so they can actually move this material, and then we help sawmills source that material, track that material when they’re actually using it within their sawmill and then ultimately sell that material as well,” Christensen said.
Recycled wood at Cambium.
Van Applegate | CNBC
While there are local wood recyclers, no one else is addressing the supply chain on a national scale, said Christensen, adding that he expects to eventually go global. This potential is enticing to investors.
“For us, as a venture capitalist who is looking to invest in businesses that kind of can go to the moon and become billion dollar businesses, this meets all the criteria,” said Adrian Fenty, founding managing partner at MaC Venture Capital.
Cambium is also backed by Volo Earth Ventures, NEA and Revolution’s Rise of the Rest Seed Fund, among others. The startup has raised $28.5 million in total funding so far.
If it was possible to salvage all the discarded wood material in the U.S., humans could source about half of our total demand, Christensen said.
Cambium doubled its sales last year, and Christensen said the big growth was on the software side. Its revenue comes from direct sales of wood to end users and from sales of software into the wood industry to facilitate moving, tracking and selling the recycled product.
“It’s critical for Silicon Valley investors, because we don’t want to invest in a wood company,” Fenty said. “We don’t want to invest in a construction company. We want to invest in a software company.”
Among the challenges ahead are the Trump administration’s tariffs on Canadian lumber, Christensen said. Those tariffs are expected to impact Cambium’s business, especially in the northeast region of the U.S.
“We’re moving material to sawmills that are 10 or 20 miles away across the border, and so obviously trade policy really impacts how that material moves,” Christensen said.
CNBC producer Lisa Rizzolo contributed to this piece.
Technology
AI that can match humans at any task will be here in five to 10 years, Google DeepMind CEO says
Google DeepMind co-founder and Chief Executive Officer Demis Hassabis speaks during the Mobile World Congress, the telecom industry’s biggest annual gathering, in Barcelona, Spain, Feb. 26, 2024.
Pau Barrena | Afp | Getty Images
LONDON — Artificial intelligence that can match humans at any task is still some way off — but it’s only a matter of time before it becomes a reality, according to the CEO of Google DeepMind.
Speaking at a briefing in DeepMind’s London offices on Monday, Demis Hassabis said that he thinks artificial general intelligence (AGI) — which is as smart or smarter than humans — will start to emerge in the next five or 10 years.
“I think today’s systems, they’re very passive, but there’s still a lot of things they can’t do. But I think over the next five to 10 years, a lot of those capabilities will start coming to the fore and we’ll start moving towards what we call artificial general intelligence,” Hassabis said.
Hassabis defined AGI as “a system that’s able to exhibit all the complicated capabilities that humans can.”
“We’re not quite there yet. These systems are very impressive at certain things. But there are other things they can’t do yet, and we’ve still got quite a lot of research work to go before that,” Hassabis said.
Hassabis isn’t alone in suggesting that it’ll take a while for AGI to appear. Last year, the CEO of Chinese tech giant Baidu Robin Li said he sees AGI is “more than 10 years away,” pushing back on excitable predictions from some of his peers about this breakthrough taking place in a much shorter timeframe.
Some time to go yet
Hassabis’ forecast pushes the timeline to reach AGI some way back compared to what his industry peers have been sketching out.
Dario Amodei, CEO of AI startup Anthropic, told CNBC at the World Economic Forum in Davos, Switzerland in January that he sees a form of AI that’s “better than almost all humans at almost all tasks” emerging in the “next two or three years.”
Other tech leaders see AGI arriving even sooner. Cisco’s Chief Product Officer Jeetu Patel thinks there’s a chance we could see an example of AGI emerge as soon as this year. “There’s three major phases” to AI, Patel told CNBC in an interview at the Mobile World Congress event in Barcelona earlier this month.
“There’s the basic AI that we’re all experience right now. Then there is artificial general intelligence, where the cognitive capabilities meet those of humans. Then there’s what they call superintelligence,” Patel said.
“I think you will see meaningful evidence of AGI being in play in 2025. We’re not talking about years away,” he added. “I think superintelligence is, at best, a few years out.”
Artificial super intelligence, or ASI, is expected to arrive after AGI and surpass human intelligence. However, “no one really knows” when such a breakthrough will happen, Hassabis said Monday.
Last year, Tesla CEO Elon Musk predicted that AGI would likely be available by 2026, while OpenAI CEO Sam Altman said such a system could be developed in the “reasonably close-ish future.”
What’s needed to reach AGI?
Hassabis said that the main challenge with achieving artificial general intelligence is getting today’s AI systems to a point of understanding context from the real world.
While it’s been possible to develop systems that can break down problems and complete tasks autonomously in the realm of games — such as the complex strategy board game Go — bringing such a technology into the real world is proving harder.
“The question is, how fast can we generalize the planning ideas and agentic kind of behaviors, planning and reasoning, and then generalize that over to working in the real world, on top of things like world models — models that are able to understand the world around us,” Hassabis said.”
“And I think we’ve made good progress with the world models over the last couple of years,” he added. “So now the question is, what’s the best way to combine that with these planning algorithms?”
Hassabis and Thomas Kurian, CEO of Google’s cloud computing division, said that so-called “multi-agent” AI systems are a technological advancement that’s gaining a lot of traction behind the scenes.
Hassabis said lots of work is being done to get to this stage. One example he referred to is DeepMind’s work getting AI agents to figure out how to play the popular strategy game “Starcraft.”
“We’ve done a lot of work on that with things like Starcraft game in the past, where you have a society of agents, or a league of agents, and they could be competing, they could be cooperating,” DeepMind’s chief said.
“When you think about agent to agent communication, that’s what we’re also doing to allow an agent to express itself … What are your skills? What kind of tools do you use?” Kurian said.
“Those are all elements that you need to be able to ask an agent a question, and then once you have that interface, then other agents can communicate with it,” he added.
Ryu Young-sang, CEO of South Korean telecoms giant SK Telecom, told CNBC that AI is helping telecoms firms improve efficiency in their networks.
Manaure Quintero | Afp | Getty Images
BARCELONA — Global telecommunications firms are talking up advances in key technologies like artificial intelligence as they look to transition away from being perceived as the “dumb pipes” behind the internet.
At the Mobile World Congress technology conference in Barcelona, CEOs of multiple telecoms companies described how they’re piling money into new technological innovations, including AI, next-generation 5G and 6G networks, satellite internet and even smart cities.
Makoto Takahashi, president and CEO of Japanese telecom giant KDDI, detailed plans to build a smart city dubbed Takanawa Gateway City in Tokyo, as well as roll out direct-to-cell satellite internet connectivity in partnership with Elon Musk’s Starlink venture.
Ralph Mupita, the CEO of Africa’s largest mobile network operator MTN, also took to the stage to share how the company has made significant strides toward becoming a company that offers both wireless connectivity and fintech services such as payments, e-commerce, insurance, lending and remittances.
“The telco business has served us well. It has iterated since. But the future is really about the future of platforms,” Mupita said in his keynote talk, adding the company has invested aggressively into other areas such as media streaming and financial services.
From ‘dumb pipes’ to ‘techcos’
Some lingo that has gathered steam in the telco industry for the last couple of years is the phrase “techco,” a portmanteau of the words “telco” and “tech.”
The term refers to the idea of a telco firm that operates more like a tech company — one that invests in cutting-edge technology and offers digital services to consumers to help them make money from the significant capital expenditures they’ve allocated to upgrading their wireless networks.
For two decades, tech giants such as Meta, Google, Amazon, Apple, Microsoft and Netflix have flourished in a world where content can be delivered directly to people’s devices, consumers can communicate seamlessly with one another, and data can be stored or streamed online without having to own cumbersome infrastructure — all thanks to innovations like the internet, smartphones and the cloud.
However, these innovations have disrupted telecom firms’ business models, to the point where they’re now often perceived as legacy players that are only there to lay down the cables and other network infrastructure that enable internet connectivity.
It’s a dilemma that’s earned telco brands the pejorative term “dumb pipes.”
“I remember early in the industry, even before mobile internet when SMS used to be the killer app,” Hatem Dowidar, CEO of UAE state-owned telecom company e&, said in a keynote speech at MWC. “We used to make messaging revenue. We used to make voice revenue.”
“All this over the years got disrupted by over-the-top players, to the point that today, a lot of telcos around the world are reduced to being a pipe of packets just getting data across the networks,” Dowidar added. “And competition is not staying still. They have the scale, they have the investment to go and disrupt even further.”
Telcos embrace AI
Ryu Young-sang, CEO of SK Telecom, told CNBC’s Arjun Kharpal that the South Korean telecoms giant has looked to AI technology to help it improve the efficiency of its wireless network — something that was consistently on display at numerous telco operators’ booths at MWC.
“For telcos, there are two aspects of AI. One is as a user, the other is as a supplier,” said Young-sang. “As a user, you are a telco business, you can improve your network efficiency, marketing and customer service by using the AI technology. You can improve your own operations.”
“The other aspect is, AI can be a growth engine, a new business opportunity for telcos,” he added. Data centers, the facilities that offer computing capacity needed to run generative AI applications like ChatGPT, are another key area where telcos like SK Telecom can play a key role, Young-sang said.
In the Western world, the race to build data centers is one that’s been mostly dominated by cloud computing giants — or “hyperscalers” — such as Amazon, Microsoft and Google. However, SK Telecom is aggressively expanding AI-ready data centers of its own globally, according to the firm’s CEO.
Can telcos catch up on tech?
For many telecom industry analysts, chatter about telcos seeking to transform themselves into tech players isn’t entirely new — companies in the industry have long been aware their relevance in communications and media has been dwindling.
Kester Mann, director of consumer and connectivity at market research firm CCS Insight, told CNBC that while he’s not a great fan of the “techco” term, it’s something the industry continues to focus on and has gathered pace in the context of the AI boom.
“AI can influence so many areas … and obviously that does play to that trend around telco to techco and operators positioning themselves more than just a connectivity provider,” Mann said.
So-called “autonomous networks,” or networks that can be managed and fixed with limited human oversight, is an area that’s quickly gaining traction in the industry, according to Nik Willetts, CEO of telco industry association TM Forum.
“Autonomous Networks is a movement we see moving from theory to reality incredibly quickly, thanks to advancements in AI combined with a new level of ambition and industry-wide action,” Willetts said.
This tech “can unlock a step-change in operating and capital efficiency, improving EBITDA and free cashflows, as well as unlocking new revenue opportunities and much-needed improvements in customer experience,” he added.
Jeetu Patel, chief product officer of IT networking giant Cisco, said he sees telcos playing a vital role as AI drives up demand for network traffic and bandwidth.
“The reality is this: the network bandwidth appetite is going to increase exponentially with AI,” Patel told CNBC. “Today, 100% of our workforce is human. Tomorrow, you will have that being augmented by AI agents, robots, humanoids, a lot of edge devices.”
“These agents are going to be more chatty and they’re going to require more network traffic and bandwidth,” he added. “I think service providers have a significant role to play. In my mind, the opportunity is not gone for them.”
-
Sports2 years ago‘Storybook stuff’: Inside the night Bryce Harper sent the Phillies to the World Series
-
Sports12 months agoStory injured on diving stop, exits Red Sox game
-
Sports1 year agoGame 1 of WS least-watched in recorded history
-
Sports2 years agoMLB Rank 2023: Ranking baseball’s top 100 players
-
Sports3 years ago
Team Europe easily wins 4th straight Laver Cup
-
Environment2 years agoJapan and South Korea have a lot at stake in a free and open South China Sea
-
Environment2 years agoGame-changing Lectric XPedition launched as affordable electric cargo bike
-
Business2 years agoBank of England’s extraordinary response to government policy is almost unthinkable | Ed Conway