The researcher who wrote one of the most cited guides to getting your information out of data broker databases came to Washington with different advice about the problem: ask your lawmakers to do their jobs.
In a talk Saturday afternoon at the ShmooCon security conference, Yael Grauer, a program manager for security research at Consumer Reports’ Innovation Lab, likened the never-ending task of ditching data broker listings to a game of Whac-A- Mole that you can play. in arcades – the only price here is the need to keep playing this game.
“It’s like Whac-A-Mole, because it keeps popping up,” she said. “It’s very annoying.”
Grauer knows this all too well, having maintained the Big Ass Data Broker Opt Out List (BADBOOL) since 2017. This guide summarizes and links instructions for opting out of dozens of data brokers that you might otherwise sell your information to advertisers, auto insurers. police departments, even the National Security Agency.
But there are so many data brokers and so many sources of data they absorb, a permanent retreat from their collective attention is impossible. Personal data removal services like DeleteMe offer to do this work on your behalf for annual fees, but the study Grauer worked on for CR found many of them “not that effective,” she said at ShmooCon.
That study (PDF), published in August, gave Optery and EasyOptOuts the highest marks, but Grauer found they still had some work left to pull off. “None of these services cover everything,” she cautioned.
“If even the experts in this industry can’t keep their data private, what chance does that have for the rest of us?” asked Grauer. “We need a political solution because we can’t graduate from this perpetual game of Whac-A-Mole without doing that.”
Congress has proven remarkably incapable of passing a comprehensive federal privacy law, but some states have moved forward with their own statutes. Grauer pointed to the California Deletion Act, which would create a universal opt-out system through a state registry of data brokers, something proposed at the federal level three years ago in a bipartisan bill that has since it went nowhere in Congress.
“It’s something that people have been asking for for a really long time,” Grauer said.
Recommended by our Editors
Other state statutes place significant restrictions on the data brokers collect. Grauer cited Maryland’s Online Data Privacy Act, which prohibits the sale of “sensitive data,” as a good example. But, she added, those laws also generally include carve-outs that allow brokers to deal with “publicly available information” — which can include home addresses, as state and local property tax assessment sites index them.
Grauer expressed little hope that Congress will step up, but pointed to the Consumer Financial Protection Board’s proposal to impose additional controls on data brokers by classifying them as “consumer reporting agencies” subject to the Act. Fair Credit Reporting. She asked attendees to share their privacy expertise with the CFPB through the public comment form, which is open for input until March 3.
But ShmooCon attendees and anyone else hoping to see the board move forward on this front should also be prepared to talk to their House and Senate representatives about protecting that independent agency. Many of President-elect Trump’s supporters oppose the existence of the CFPB. The Heritage Foundation’s Project 2025 policy plan calls it unconstitutional, and Elon Musk tweeted in December that it should be scrapped — but only Congress can repeal the board.
Like what you’re reading?
Register for Security Watch newsletter for our best privacy and security stories delivered straight to your inbox.
This newsletter may contain advertisements, deals or affiliate links. By clicking the button, you confirm that you are over 16 years of age and agree to our Terms of Use and Privacy Policy. You can unsubscribe from newsletters at any time.
About Rob Pegoraro
contributor
