105 Iowa L. Rev. 865 (2020)
Download PDF
Abstract
In the United States, there is a billion-dollar industry that revolves around consumer data, but most consumers do not know it exists. Data brokers are companies that collect information from consumers to buy and sell. These companies also derive further valuable information from consumers. Data brokers use their data for several things, one of which is for marketing purposes. In the United States, there is no legislation on the federal level to regulate the collection and use of this data by data brokers. The United States has failed its consumers by not providing regulation. There are a few states that have taken initiative to protect consumer data online, namely Vermont and California. Additionally, the European Union recently implemented the General Data Protection Regulation (“GDPR”). The GDPR provides a vast range of protection for EU citizens concerning their online data. Congress should follow guidance from Europe, California, and Vermont regarding digital consumer privacy. Congress should include in its legislation: a meaningful notice-and-choice requirement, an option for consumers to have access to and the ability to edit data held by data brokers, require companies to minimize the amount of the data that they collect and retain, have strict penalties for noncompliance, and create quasi-governmental entities to assist in regulation.