Incogni estimates that it would take 300+ hours of work to complete even a single round of opt-out requests.
There could be loads of your personal data floating around online, owned by various companies. Personal data has become the basis for a new and lucrative business generating a turnover of billions of dollars. Fortunately, there are laws protecting your right to have that data removed – but, as it appears, it’s not as easy as it may seem. Incogni, a digital privacy agent that helps wipe broker-owned personal data on behalf of a user, ran a study to investigate if data brokers are willing to comply with our right to know what information they have on us.
Personal data has become the basis for a new and lucrative business generating a turnover of billions of dollars
“Data privacy is becoming an increasingly alarming issue, yet many people are still unaware of the hidden market that data brokers operate in. As the sensitivity and scope of data they possess widen, so does the need to be able to opt out of it. However, based on recent studies, the actual process of taking back data has been shown to be an extremely tedious procedure, which requires legal knowledge and lots of persistence,” says Darius Belejevas, Head of Incogni.
Contacting a broker: no guarantees of success
We wanted to test how easy it is to remove personal data, so we reached out to 36 data brokers (26 of which are newcomers to the market) with requests to disclose our data. 9 companies (25%) didn’t reply to us at all.
After our email experiment was concluded, the numbers showed that only 27 out of 36 brokers (75%) responded to our requests.
Data brokers aren’t always responsive to such requests. Even when they respond, they are likely to make the person making the inquiry jump through several hoops, like providing a copy of their personal ID or filling out forms.
Out of 10 largest data brokers that responded, only 5 replied to our emails within a month. For those that never got back to us, we sent a letter crafted with the full help of our legal department. As there are multiple state agencies tasked with overseeing data protection, this helps motivate the data brokers to be more forthcoming with our data.
On average, data brokers responded to our emails in 3 and a half days. For an established broker, that number grew to almost two weeks. That’s two weeks just to get a response to your first email – plenty of time to forget that you sent it in the first place.
But it doesn’t end there. A summary of what data they had about us or that the broker didn’t have our data – took a little over 6 days from our first letter with new data brokers and more than 20 days with established ones. That’s nearly a month for a seemingly easy task that should be done along clearly-established company lines.
Requesting data to be removed from each company individually is a wild goose chase. With hundreds of data brokers registered in the US alone, it would take dozens of well-placed opt-out requests to take a single person’s data off the market. Incogni estimates that it would take 304 hours of work to complete even a single round of opt-out requests.
Get some aid in reclaiming your privacy
Article 15 of the European General Data Protection Regulation (GDPR) and others, like the California Consumer Privacy Act (CCPA) states that a person has the right to know what information the data brokers have collected on them.
With so much of your data floating around online, it would take you ages (and a lot of patience) to find and remove it all manually. This is something you should consider when fleshing out your social media profiles, filling out online forms, and signing up for newsletters.