Select Page

A bipartisan group of U.S. legislators have introduced a bill that aims to close legal loopholes in federal law permitting data brokers and other firms to sell people’s personal information — including mobile location data and other information gathered and used for advertising — to the government and law enforcement without a court order. 

Here’s what the bipartisan Fourth Amendment Is Not For Sale Act, sponsored by Oregon Democratic Sen. Ron Wyden, would do if passed into law:

  • The bill would stop law enforcement and intelligence agencies from obtaining data on people in the U.S. and about Americans overseas through purchase, service fees or other value exchange, if the data was gathered from someone’s account or device or by deceptive activity like hacking or violations of a contract, privacy policy or terms of service.
  • By requiring law enforcement and government agencies to obtain a court order to get data about people from data brokers, the bill aims to ensure the agencies can’t circumvent current laws that restrict how they can access Americans’ information. Court orders are already necessary to compel tech firms and telcos to hand over data for investigations.
  • The bill signals broad bipartisan interest from federal lawmakers in how information — that may not exist if it weren’t for being packaged and sold for the digital ad market — is sold, to whom and for what purposes. The bill is co-sponsored by several other senators including former Democratic presidential contenders Sens. Elizabeth Warren of Massachusetts, Cory Booker of New Jersey and Vermont’s Bernie Sanders as well as Republican Sens. Rand Paul of Kentucky and Mike Lee of Utah, ranking member of the  antitrust and consumer rights subcommittee.

Implications for the advertising industry

The proposal has a direct connection to the world of advertising data. For example, data brokers such as aggregators of mobile location data supply advertisers with information used to track people within specific geolocations and target ads to them. The bill specifically covers data such as location data or the contents of a communication (think a text message or email or photo), and a statement about the legislation provided by Wyden’s office, names data provider Venntel as one selling location information to government agencies. But it’s not just about location data. The statement also mentions Clearview AI, which has used photos from social sites to train its facial recognition system which is employed by law enforcement.

The digital ad industry’s largest trade group, the Interactive Advertising Bureau, supports the bill and has been among entities that have engaged with lawmakers and their staff since late last year in drafting it. “The IAB is going to support the bill,” Dave Grimaldi, EVP for public policy at the IAB told DIgiday. Other supporters include the Network Advertising Initiative, American Civil Liberties Union, Electronic Frontier Foundation and Mozilla.

Some of these same lawmakers are inspecting digital ad firms like AT&T, Google and Magnite 

As with a lot of legislation, this bill is representative of a larger effort among some of the same legislators to scrutinize how data flows from commercial enterprises, such as those operating in the digital ad industry, to foreign governments or other entities for whom that data may not originally be intended. Some of the legislators who have signed onto this bill also recently have criticized and questioned the use of mobile location data and other information gleaned from the digital ad bidstream pulsing through automated real-time ad auctions. Three of the bill’s co-sponsors — Wyden, Warren and Democratic Sen. Sherrod Brown of Ohio — sent letters in early April to companies with digital ad services: AT&T, Index Exchange, Google, Magnite, OpenX, Pubmatic, Twitter and Verizon.

The lawmakers want to know what types of data about people’s devices, apps and website behavior ends up in ad auction bidstreams, whether these firms have restrictions on how that information is sold or shared, if they conduct audits to ensure contractual obligations of partners are met and which foreign-based companies they have distributed bidstream data to. The companies have until May 4 to respond, and none have responded yet, according to Wyden’s staff.

Bidstream data and why legislators care about it

Legislators have referred to data siphoned from the bidstream as a tool of surveillance that can be exploited by government intelligence agencies and police. Bidstream data gives advertisers who bid on ad space through real-time exchanges information about people who will be reached with a targeted ad. It can include demographic, interest data and latitudinal and longitudinal coordinates showing people’s precise locations. These data points can be extracted by ad tech and data firms that participate in ad auctions – even if they don’t win the bid. They suck up this information to produce other data products or to package it to sell as targetable audiences of people in the market for, say, sneakers or an SUV.

This bill is consistent with a pattern of interest in the alternative uses of data fueling the digital ad industry. Those letters sent in April to ad tech firms state, “Few Americans realize that some auction participants are siphoning off and storing ‘bidstream’ data to compile exhaustive dossiers about them. In turn, these dossiers are being openly sold to anyone with a credit card, including to hedge funds, political campaigns, and even to governments.” That same language showed up in a July 2020 letter sent to the Federal Trade Commission by a bipartisan group of legislators including Wyden asking the agency to determine whether ad tech data practices violate the FTC act. And there’s more: Warren and other lawmakers also sent questions last year to location data provider Mobilewalla, asking the company to provide details of its “disturbing” use of bidstream data.

A lack of self-regulation

There are no industry standards or rules established by the IAB or Mobile Marketing Association against the practice of bidstream data siphoning or about data sales to governments. In part because it stretches the meaning of consumer consent for data use, the practice of bidstream data siphoning is not often discussed openly by companies that employ it or agencies and advertisers that buy data built from it. But the IAB does have something to say about it: “We have always said that we feel advertising data should be used for advertising purposes,” said Grimaldi.

The role of location data in advertising

Agencies say they are moving away from data suppliers without direct connections to the point at which data is gathered, such as mobile location data providers. Meanwhile, some mobile data company execs say practices like bidstream data siphoning are happening less than in the past. “If it’s happening, it’s happening much less overall,” said Ken Harlan, CEO of MobileFuse, who said the company does not buy or repurpose bidstream data. 

But, another location data provider that sells to digital advertisers, SafeGraph, received a big funding round in March of $45 million. A company spokesperson told Digiday that SafeGraph does not get its data from the bidstream; rather, like many mobile location providers, it gets it from partnerships with mobile app providers. And like many location data suppliers, it won’t name those app publishers.

The post Cheat Sheet: Why Advertisers Need to Know about the ‘Fourth Amendment Is Not For Sale Act’ appeared first on Digiday.