Why Weak Data Privacy Regulation Hurts Latino Communities The Most

Reporter Karina Montoya explains how the unregulated market of data brokers enables criminals to target vulnerable communities.

This is a translation of the op-ed Por qué la precaria privacidad de datos hiere sobre todo a las comunidades latinas, published in El Tiempo Latino. 

About a month ago, a Lyft/Uber driver, who we can call Ramon, asked me if I could helped him read a letter in English from the D.C. Department of Motor Vehicles. “I think it’s a scam, but I’m not sure,” Ramon told me as he retrieved the letter from the glove compartment. Originally from Bolivia, Ramon is a 60-year-old retiree who has worked as a cook for more than 25 years in D.C. and Virginia. He speaks good English, but he prefers to get help when reading documents, he told me.

The letter actually did look like a scam. At least to me, cursed with an obsessive attention to detail, it was clear that the font and letter head were not official. The content, however, sounded quite convincing, especially for someone like Ramon, who could easily be caught in a moment of insecurity. The letter gave detailed information about speeding tickets that remained unpaid. “I already paid all my speeding tickets months ago. I keep scanning the QR code on the letter to see what the tickets are about, but it doesn’t show anything. What do you think I should do?” he asked, visibly concerned.

Ramon is the perfect target for scammers: foreign-born, Latino, Brown, more than 50 years old, and with a steady stream of income. Criminals have always used scams to exploit vulnerable communities, but what is new is the ease with which just about anyone can access detailed personal information to target potential victims like Ramon with specific scams. Federal Trade Commission data shows Latino and African-American communities are disproportionally targeted by fraudsters online as well as offline. Across racial groups, Latinos are the most affected: two in five adults are targeted by scams, and one in five lose money to these tactics, according to a survey by the American Association of Retired Persons. The top fraud categories targeting Latinos are government impostors, utility scams, and grandparent scams – in which fraudsters impersonate grandchildren or other younger family members asking for money.

How can scammers get a hold of our names, postal addresses, phone numbers, and know what we may be more susceptible to believe? Thanks to a combination of invasive tracking technologies and a lack of comprehensive data privacy rights, communities of color in the U.S. suffer the most from the exploitation of their data collected on social media, websites, and just about any app they use.

Data brokers are the main enablers of this system. The most problematic can be divided in two categories: people search sites such as Spokeo or PeopleSmart, where one can buy access to emails, phone numbers, and sometimes postal addresses of specific individuals; and companies that sell consumer data for advertising purposes, such as Criteo, Datalogix (owned by Oracle), or the marketing divisions of well-known credit report agencies, such as Experian or Equifax. In Europe, many of these companies have been accused of not complying with that region’s General Data Protection Regulation.

Unbeknownst to us, data brokers collect all our publicly posted information from big and small digital platforms, and they can also buy information that is not public. As reported by Vice, data brokers can obtain property and court records from public sources, and buy our shopping histories (containing dollar amounts, dates, loyalty cards and payment used) from retailers and catalog companies. A big data source is also social media like Facebook, Instagram, YouTube, and a variety of other apps we use. Remember those personality quizzes that were so popular on Facebook? They were probably produced by data brokers to profile people for advertising, based on their answers, as well their location and phone device.

Data brokers aren’t regulated the same way other entities that manage our data are, such as hospitals or healthcare plans, banks, and credit report agencies. Legally, they aren’t classified as “data brokers” either — although that is what they do. In practice, this means such companies can build consumer profiles and resell that data on the open market, with very few controls, explained Justin Sherman, senior fellow at Duke University's Sanford School of Public Policy, in a testimony to Congress in 2021. The most compelling proof about how easy it is to access very sensitive personal information is a recent study by Duke University’s Sanford School of Public Policy. From a sample of 37 data brokers, 26 confirmed they had information about Americans’ mental health, specifically people with anxiety and depression. Moreover, 11 of these companies were willing and able to sell the data – many of them without adding specific controls to how it would be used. The costs ranged from $275 per 5,000 aggregated records to $100,000 a year for a subscription to access unlimited records on Americans’ mental health conditions.

Mental health is a very sensitive subject among Latino communities. Not only is there the widespread idea that seeking this type of care makes us weak, but costs to access in-person care have always been out of reach for many. As the pandemic accelerated the digitization of these services, health apps from digital companies have become very popular today, with downloads increasing by 200 percent between 2019 and 2020. Unfortunately, this is also a space where Latinos’ privacy is vulnerable, as surveys show they are 20 percent more likely to use a health app than white individuals.

The gray legal areas in which digital companies operate, based on unfettered personal data collection, pose disproportionate risks to Latino communities. Current regulation isn’t enough to mitigate such risks, so it will take a new legislative effort to protect our privacy in comprehensive ways. Hundreds of companies profit from our personal data, enabling scammers to exploit the vulnerability of people like Ramon, who shouldn’t bear the onus of protecting himself from these complex systems no one imagined would engulf our everyday life like they do today.

 Read full article in Spanish here.