The Department for Science, Innovation and Technology (DSIT) has put out a ‘call for views‘ on data brokers, in terms of national security. As DSIT says, there’s potential for ‘hostile actors, such as cyber criminals, to acquire UK data on the open market’. Those with malign or criminal intent could exploit this, and data brokers themselves, ‘tainting an otherwise important market, to access large amounts of UK data’, whether for identity theft and financial scams, or misinformation campaigns and cyber attack.
DSIT noted that data brokers and data broking are not defined in UK law, though varying definitions can be found in international jurisdictions. DSIT came up with a definition of data broking as ‘the practice of obtaining and trading or licensing data, data products and services to third parties’; such as, for advertising and marketing campaigns, credit and background checks and assisting public bodies in fraud prevention. Data online or offline can be turned into commercial products. Data brokers are in scope of security and privacy legislation, such as UK General Data Protection Regulation (GDPR, which although a European Union rule, still applies to the UK) and, the Data Protection Act (DPA) 2018 (which brought in GDPR).
The call for views noted that the ‘data broker industry is a complex ecosystem, and there is a lack of publicly available information profiling the industry’s customers and main beneficiaries’.
