For many years, Congress has attempted and failed to empower Americans with control over their personal data, including rights to view, correct, and delete it. This lack of action leaves individuals vulnerable to data misuse while the data broker industry continues to gather and sell millions’ personal information, operating mainly unchecked.
States like California, Virginia, and Texas have started to address this gap. They have introduced laws demanding data brokers register with the state, respond to deletion requests, and disclose data collection practices. However, enforcement is uneven, and companies crossing state borders face minimal consequences for non-compliance.
Two new legislative efforts, the SECURE Data Act and the GUARD Financial Data Act, now test if Washington will manage to pull data brokers into legal accountability. Yet, obstacles against the SECURE Data Act and similar federal protections remain evident. In a June hearing by the House Energy and Commerce Committee, it emerged that some in Congress prefer not to override existing state data laws with national standards. Without federal action, a patchwork of protections based on location continues to disadvantage consumers.
A troubling aspect is that several companies avoid being categorized as data brokers to dodge existing regulations. Instead of selling personal details like traditional brokers, large data aggregators quietly collect online information, creating risk scores and behavioral profiles. These profiles affect real-world outcomes, such as mortgage approval and loan interest rates, yet evade the sparse consumer protections due to a gap in definitions.
Existing laws focus on firms earning at least 50% of their revenue from selling raw personal data. However, massive data aggregators sell derived conclusions from data, skirting regulations designed for data brokers. This industry remains largely unregulated due to this deliberate distinction.
The SECURE Data Act and GUARD Financial Data Act introduce essential steps toward accountability. The GUARD Financial Act defines financial data aggregators federally for the first time. The SECURE Data Act mandates data minimization, opt-in requirements, and sets up an FTC data broker registry.
Despite these advances, gaps remain. The SECURE Data Act’s revenue threshold excludes large data aggregators, as their income comes from derived profiles rather than raw data sales. Meanwhile, the GUARD Financial Data Act’s credential provisions focus on disclosures. This allows aggregators to harvest and resell data if buried within complex disclosures.
Although the SECURE Data Act allows consumers to opt out of specific profiling, it does not restrict the secondary use and sale of derived data like risk scores or behavioral profiles.
Gerard Scimeca, an attorney and co-founder of Consumer Action for a Strong Economy, a free-market consumer organization, emphasizes these ongoing challenges and efforts in the fight for personal data protection.
Garry Kasparov Reflects on AI Advancement 
Florida’s AI Data Center Legislation and Its Implications 
California’s New Laws Transform Daily Life 
China’s AI Chip Market Sees Shift Amid Nvidia’s Export Challenges 
Social Media Safety Advocacy 
The Debate Over a Misheard Word in E-Sports