PIRG’s comments to the FTC commercial data forum

There are real harms when corporate actors monetize our personal data. The time to act is now.

A person walks through a dark parking lot surrounded by digital lines as if they're extracting data from them
Pixabay user Buffik | Pixabay.com
Data collected on us by companies is used to figure out who we are, what we care about, and what we can be made to buy.

The Federal Trade Commission held its Commercial Surveillance and Data Security Public Forum today. PIRG presented a public comment, below.

My name is R.J. Cross with PIRG – the Public Interest Research Group. Thanks to the FTC for putting together this forum and for its larger investigation into the monetization of personal data by corporate actors and the real and potential harms that come with it. 

Because there are real harms, and they’re harms that we need to address.

For one, corporate data collection has given scammers unprecedented reach to find victims.

In 2021 the Department of Justice took action against 3 data brokers that were knowingly generating and refining lists of potential victims for predatory operations. 

The scams went like this: send a mailer saying the victim had won thousands of dollars in a fake sweepstakes that could be claimed by paying a fee.

The mailers were sent to people identified by these data brokers as most likely to fall for it, and their lists were largely made up of the elderly or cognitively impaired, including individuals with Alzheimer’s.

If someone responded to a scam once, they were likely to respond to a scam again. And so these brokers contracting with new scamming companies running new schemes used the same victims, over and over again. These brokers also used the data on who fell for it to create models to find new additional ideal victims. 

All of these companies pled guilty and had to pay fines. Which is great – they should be held to account for the gross exploitation of swindling dementia patients. 

But the oversight of these companies’ future activities is incredibly limited. The business model remains intact. It’s going to take something larger to stop these practices. It’s going to take new rules, and real rules. 

And now is the time to act. 

Because the case of scammers is one of the most blatant examples of how data falling into hands seeking to make a buck off of what they can learn about us causes real harm. But there are other harms. And the commercial surveillance business model is only in its infancy. 

New technologies are soon going to be adopted widely by the public, like AR/VR goggles that in a single second of use generate 90 data points on our body language. There will soon be databases of our behavior far beyond what any psychologist or business has ever seen. And it will be information that can be used to identify our weaknesses, our fears, our personal gullibilities and how to exploit them. 

PIRG asks the FTC to act.


R.J. Cross

Director, Don't Sell My Data Campaign, PIRG

R.J. focuses on data privacy issues and the commercialization of personal data in the digital age. Her work ranges from consumer harms like scams and data breaches, to manipulative targeted advertising, to keeping kids safe online. In her work at Frontier Group, she has authored research reports on government transparency, consumer debt and predatory auto lending, and has testified before Congress. Her work has appeared in WIRED magazine, CBS Mornings and USA Today, among other outlets. When she’s not protecting the public interest, she is an avid reader, fiction writer and birder. Though she lives in Boston, she will always consider herself a Kansan at heart.