As data broker registries take shape across the United States, noncompliance remains a critical issue, leaving consumers and authorities in the dark about how personal information is bought and sold. Four states—California, Texas, Oregon, and Vermont—have implemented mandatory registration requirements for data brokers, but enforcement challenges persist, revealing broader privacy concerns.
Last Monday, Texas sent violation notices to six companies that failed to register as data brokers, warning that noncompliance could result in fines of at least $100 per day. The companies put on notice include LoopMe Limited, Fifty Technology, Affinity Solutions, ZenLeads Inc., Spectrum Mailing Lists, and HubSpot Inc., according to public records obtained by Recorded Future News.
Escalating Enforcement Actions
The issue of unregistered data brokers extends beyond Texas. California has recently ramped up its enforcement efforts as well. The California Privacy Protection Agency (CPPA), which assumed responsibility for enforcing data broker registration on January 1, imposed fines on two companies, UpLead LLC and Growbots, Inc., amounting to approximately $35,000 each last month. These penalties followed an investigative sweep announced on October 30 to ensure compliance with the California Delete Act.
California’s Delete Act mandates penalties of $200 per day for brokers who fail to register by the annual deadline. Earlier, the state attorney general’s office fined Clearview AI $68,800 in 2022 for failing to register but issued no other penalties that year.
Disparities in Registration Numbers
A recent analysis by Privacy Rights Clearinghouse, an advocacy group, highlights significant disparities in the number of registered data brokers across the four states with registration requirements. Despite most brokers operating nationally, the numbers vary widely:
- California: 519 registered brokers
- Oregon: 206 registered brokers
- Texas: 217 registered brokers
- Vermont: 467 registered brokers
This inconsistency underscores the challenge of enforcing these laws and ensuring transparency in the data broker industry.
Consumer Awareness and Enforcement Challenges
Experts argue that many data brokers fail to register due to a lack of awareness or deliberate noncompliance. This failure leaves consumers unable to identify businesses that trade their personal information, making it difficult to exercise their privacy rights under state laws.
Emory Roane, associate director of policy at Privacy Rights Clearinghouse, noted via email, “All it takes is one look at the brokers that are registered already to realize that most people have no idea these data brokers even exist, much less which ones are buying and selling their personal information. For the many brokers we know aren’t registered, consumers simply have no way to find these businesses to try to exercise their privacy rights.”
The advocacy group plans to share its findings with enforcement authorities in the new year, potentially fueling broader crackdowns.
Broader Implications for Privacy and Regulation
The noncompliance of data brokers has far-reaching implications for consumer privacy. By failing to register, these entities operate largely in the shadows, complicating efforts to regulate their activities and protect personal data. Advocates argue that robust enforcement and greater public awareness are critical to addressing the systemic issues within the data brokerage industry.
With penalties mounting and enforcement actions ramping up, the pressure is on for data brokers to comply. As states continue to refine their privacy laws, the disparities in registration numbers and enforcement highlight the urgent need for a more unified national framework to regulate the industry effectively.
Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com
