The researcher who wrote one of the most-cited guides to getting your information out of data brokers’ databases came to Washington with different advice about that problem: ask your lawmakers to do their job.
In a talk Saturday afternoon at the ShmooCon security conference, Yael Grauer, a program manager for security research at Consumer Reports’ Innovation Lab, likened the endless task of opting out of data-broker listings to the Whac-A-Mole game you can play at arcades—with the only prize here being the need to keep playing this game.
“It is like Whac-A-Mole, because it keeps cropping up,” she said. “It’s very annoying.”
Grauer knows this too well, having maintained the Big Ass Data Broker Opt-Out List (BADBOOL) since 2017. That guide summarizes and links to opt-out instructions at dozens of data brokers that might otherwise sell your information to advertisers, auto insurers, police departments, and even the National Security Agency.
But there are so many data brokers and so many sources of data that they ingest, a permanent opt-out of their collective attention is all but impossible. Personal data-removal services such as DeleteMe offer to do this work on your behalf for annual fees, but the study Grauer worked on for CR found many of them “not that effective,” she said at ShmooCon.
That study (PDF), published in August, gave its highest grades to Optery and EasyOptOuts, but Grauer found that they still left some opt-out work for her. “None of these services cover everything,” she warned.
“If even experts in this industry cannot keep their data private, what recourse does that have for the rest of us?” Grauer asked. “We need a policy solution, because we cannot graduate from this game of perpetual Whac-A-Mole without doing that.”
Congress has shown itself remarkably incapable of passing a comprehensive federal privacy law, but some states have moved ahead with their own statutes. Grauer pointed to the California Delete Act, which will establish a universal-opt-out system through a state-run registry of data brokers, something proposed at the federal level three years ago in a bipartisan bill that then went nowhere in Congress.
“It’s something that people have been asking for for a really long time,” Grauer said.
Recommended by Our Editors
Other state statutes place meaningful limits on data brokers’ collection. Grauer cited the Maryland Online Data Privacy Act, which bans selling “sensitive data,” as a good example. But, she added, these laws also generally include carve-outs allowing brokers to deal in “publicly available information”—which can include home addresses, since state and local property-tax-assessment sites index them.
Grauer expressed little hope that Congress will step up but did point to the Consumer Financial Protection Board’s proposal to impose additional controls on data brokers by classifying them as “consumer reporting agencies” subject to the Fair Credit Reporting Act. She urged attendees to share their privacy expertise with the CFPB through its public-comments form, which is open for input through March 3.
But ShmooCon attendees and anybody else hoping to see that board move forward on this front should also be prepared to talk to their House and Senate representatives about protecting that independent agency. Many of President-elect Trump’s supporters oppose the CFPB’s existence. The Heritage Foundation’s Project 2025 policy blueprint calls it unconstitutional, and Elon Musk tweeted in December that it should be deleted—but only Congress can abolish the board.
Like What You’re Reading?
This newsletter may contain advertising, deals, or affiliate links.
By clicking the button, you confirm you are 16+ and agree to our
Terms of Use and
Privacy Policy.
You may unsubscribe from the newsletters at any time.
About Rob Pegoraro
Contributor
