Blog: Big Banks, Big Tech, Big Data: People Left Vulnerable to the Relentless Commodification of their Sensitive Data

by afr-team in Commentary

Big Banks, Big Tech, Big Data: People Left Vulnerable to the Relentless Commodification of their Sensitive Data 

By Ivan Cazarin

The combination of Big Banks, Big Tech, and Big Data have converged to rampantly collect and commodify people’s most private information and financial data. These companies are surveilling every bank transaction, mouse click, cell phone tap, and online purchase. From the smartphones in people’s pockets, they gather highly sensitive and personal information including the exact geolocation where people lay their heads to rest, visit their doctors, or practice their faith. Banks and tech platforms sell this information to data brokers that make fortunes amassing and selling this private information to practically any willing buyer.  The data collection is poorly disclosed — often in the fine print terms of service — or even undisclosed and most people are unaware their data is collected and commodified. 

Too often the companies that profit from collecting and selling this data fail to protect this personal information from data breaches and cyberattacks that leave customers vulnerable to identity theft, financial losses, and emotional strain. In 2024 some of the biggest data breaches in financial services lost the customer records of over 31 million customers in cyberbreaches that exposed personally identifying information (like account and social security numbers). The failure of financial firms to protect our personal data from surveillance, sales, and breaches demonstrates the dire need for federal data privacy protections. 

This month, Gravy Analytics, which collects, processes and curates more than 17 billion signals from people’s smartphones, was seemingly hacked by foreign actors, who posted a 17 terabyte trove of data “proving” the hack. It is unbelievable but sadly true that companies are allowed to harvest and sell information as sensitive as geolocation with little to no accountability when they fail to protect that data. 

Banks have lost mountains of personal data as well. In 2019, Capital One failed its customers after a preventable data breach released the personal information of 100 million customers. Capital One brags about its data collection, aggregation, and analytics, including running 80,000 annual experiments to test consumers’ willingness-to-pay (the upper limits of what interest rates and fees they would accept) in order to lock in higher prices and extract economic value from its consumers. Capital One has been trying to take over the credit card company Discover, which would expand its weak privacy protections over consumer data and enable it to exploit Discover customers’ personal information and undermine their privacy.

Legislation introduced late last year would protect people from data harvesting and financial data breaches. A bill from Senators Elizabeth Warren (Mass.), Bernie Sanders (Vt.), Ron Wyden (Ore.), and Sheldon Whitehouse (R.I.) bans brokers from selling the location and health data of consumers, right-sizing data brokers and cracking down on the $200 billion data broker industry that remains practically unregulated by federal law. Another bill from Senators Warren, Mark Warner (Va.), and Jeanne Shaheen (N.H.) as well as Rep. Raja Krishnamoorthi (Ill.) would give the FTC authority over data security at credit bureaus (which collect reams of personal information and financial transaction data), impose severe penalties for credit bureau data breaches, and compensate people for stolen data. AFR’s Senior Policy Counsel Christine Chen Zinner stated “This legislation provides powerful tools to incentivize robust data protection and hold companies accountable for data breaches and identity theft.” 

This round-the-clock surveillance that collects and commodifies intimate consumer data represents the alarming risks that emerge from the convergence of technology and finance. Capital One is testing how much credit card interest people are willing to pay and other companies are rolling out “dynamic pricing” strategies that weaponize collected data to charge varying prices to different customers for the exact same product. As surveillance reaches new heights, consumer data has emerged as the new profit frontier for financial and other companies that analyze consumer data to push-market their products. Congress must step up to protect people from corporate surveillance that profits from privacy violations and non-consensual personal data harvesting and commodification.

###

Tagged with: