Who are the Data Brokers Spending Big Bucks to Lobby Congress?

Image by: Sébastien Thibault

Data brokers’ millions of dollars in lobbying spending in 2020 rivaled that of some Big Tech firms

By Alfred Ng and Maddy Varner

The data brokers who’ve made fortunes from collecting and sharing millions of people’s personal information tend to fly under the radar. Names like LiveRamp or RELX might not be familiar to most Americans, but they’re making themselves known on Capitol Hill.

Collectively, data broker spending on lobbying in 2020 rivaled the spending of individual Big Tech firms like Facebook and Google. The Markup searched lobbying disclosures in the U.S. Senate’s database and the watchdog Center for Responsive Politics’ tool for the names of companies that registered as data brokers in or . Those states are the only two that require companies to annually disclose that they collect, sell, or share people’s personal information without having a direct relationship to them.

All in all, we found 25 companies whose combined spending on federal lobbying totaled $29 million in 2020. Many of the top spenders were not pure data brokers but companies that nonetheless have massive data operations. Oracle, which has spent the past decade acquiring companies that collect data, spent the most by far, with disclosure documents showing $9,570,000 spent on federal lobbying.

For comparison, of the Big Tech firms with heavy lobbying presences, Facebook spent $19,680,000, Amazon $18,725,000, and Google $8,850,000 in the same period, according to the Center for Responsive Politics. Public Citizen, a consumer advocacy group, found that Big Tech spent .

Oracle has its own data collection arm but has also built its portfolio by buying up companies like , Compendium, and Crosswise. The companies, which were acquired in 2012, 2013, and 2016, respectively, take data from a variety of sources. DataRaker gets data from millions of smart meters and sensors for utilities companies, while Compendium delivers targeted ads. Crosswise allows Oracle to track people across devices, claiming to process data from billions of devices every month.

Oracle also acquired , in 2014, which connected offline purchases to online profiles. Additionally, Oracle combines datasets from more than 75 other data brokers, which it calls “the world’s largest collection of third-party data.”

Our report comes as the data broker industry is not only growing but also facing scrutiny for the first time. California recently passed a statewide privacy law that establishes an agency focused on regulating data privacy issues. Virginia and Maine have also passed regulations to protect people’s online information.

California’s and Virginia’s privacy laws hit at the core of what data brokers do by requiring companies to delete data collected about people upon request and allowing people to prevent their personal information from being used for targeted advertising. Maine’s privacy law prevents internet service providers from sharing personal information with data brokers until people give “express, affirmative consent.”

And the past year also saw concerns raised about how well these brokers protect their massive troves of data—Oracle, for instance, after security researchers found were left exposed on a server.

The Markup contacted all 25 companies for comment on their lobbying activities. Several companies, like Inmar Intelligence and LiveRamp denied being data brokers, though they had self-identified as such to California and/or Vermont regulators.

“Inmar Intelligence does not generally consider itself a data broker though one of our entities, Inmar-OIQ, LLC, is registered as such in a couple of states,” Holly Pavlika, a corporate marketing senior vice president for Inmar Intelligence, said.

The industry itself is hard to define—many companies, including tech giants, make money off of personal data, though the technical details of how they use that data vary. So The Markup relied on companies that self-reported to and as members of the industry. The list, 480 companies long, shows just how pervasive it has become for companies to traffic in personal information.

The list includes businesses that are primarily data brokers, like CoreLogic, which claims to have collected data on 99 percent of property and homeowners in the U.S. and spent $215,000 on lobbying in 2020; and Acxiom, which spent $360,000 on lobbying in 2020 for issues related to data security and privacy. Acxiom’s InfoBase boasts of datasets on more than 250 million people and collects information including location data, purchases, interests, life events, and behaviors, according to its marketing material.

Our list also includes credit monitoring services like TransUnion, Equifax, and Experian, which each spent about $1.4 million lobbying in 2020 on issues related to credit score reform, like the of 2020, the Credit Access and Inclusion Act of 2019, and the of 2019. TransUnion also owns subsidiaries like Callcredit, Iovation, and Signal, which has been used for collecting and profiling users for gambling apps, .

Notably, our tally also does not include lobbying by trade associations that data brokers are a part of, such as the Interactive Advertising Bureau and the Digital Advertising Alliance.

Of the data brokers who spent the most on lobbying, Oracle far outspent its peers

Oracle, the biggest spender, used lobbyists to advocate on issues like annual defense and intelligence budgets and “competition and antitrust in the mobile telecommunications and digital advertising industries,” according to .

The company didn’t respond to requests for comment.

The second largest spender was Accenture—a technology and consulting company that boasts a marketing and analytics branch called . According to its , the company can combine datasets from sources including people’s purchase history and location to help its clients build customer profiles for advertising.

In 2020, the company spent $3,250,000 lobbying on issues like artificial intelligence, the , and COVID-19 contact tracing, according to public records.

When The Markup reached out to Accenture, the company pointed us to two statements CEO Julie Sweet made on data privacy legislation in 2018. The statements called for a federal privacy law that would preempt state laws.

PricewaterhouseCoopers, a major accounting firm, spent $2,820,000 lobbying the federal government in 2020, third most among registered data brokers.

$29M The total amount 25 data brokers spent on federal lobbying in 2020.

PWC collects data from advertising networks and data analytics partners including personal information like names and addresses, which it uses to help clients personalize advertising campaigns, .

Spending went to monitoring privacy legislation and accounting and auditing issues.

PWC didn’t respond to a request for comment.

Other big spenders included Deloitte, which was awarded a $106 million contract to build a development environment for the Joint Artificial Intelligence Center this summer. The company spent $2,400,000 on federal lobbying in 2020, including on bills like the and the .

Deloitte is an auditing and advisory company but provides services like , which uses information including people’s hobbies, interests, and financial data to generate a health risk prediction score and help life insurance companies figure out how likely people are to buy their products.

And RELX, which spent $2,375,000 on federal lobbying in 2020, including on data privacy bills like the , the , and the ; and on bills related to data privacy and COVID-19, including the and the .

RELX is a major data broker that owns companies like LexisNexis and ThreatMetrix, which has customers in law enforcement, insurance, and financial services. ThreatMetrix alone boasts tracking on 4.5 billion devices, from RELX in 2018.

Deloitte and RELX didn’t respond to a request for comment.

In addition, many other data brokers spent lower amounts on lobbying efforts

An Industry Increasingly Under Fire

Some of the bills targeted by lobbyists would have regulated the data broker industry, though disclosures do not specify whether they lobbied for or against the bills.

The Data Accountability and Trust Act looked to establish security standards and require postbreach audits for data brokers and also prohibit collecting information under false pretenses. The Information Transparency & Personal Data Control Act would have required data brokers to get consent to collect sensitive data and go through an annual privacy audit.

The Data Broker Accountability and Transparency Act of 2020 wanted to mandate opt-outs from data brokers and for the FTC to create a national list of data brokers.

While lobbying records don’t always list specific bills, filings show that RELX paid lobbyists to address all three bills. Deloitte records show that some of its lobbying efforts went toward addressing the Data Accountability and Trust Act.

Both COVID-19 data privacy bills looked to provide stronger controls over data related to contact tracing.

None of the bills named in this story passed Congress, except for the National Defense Authorization Act, which was enacted.

Some of the companies that showed up in lobbying records faced other sorts of pressure during 2020.

For instance, Apple and Google from their app stores last December following a series of reports from on how the location data broker was providing information to contractors who passed that information to the U.S. military. X-Mode spent $30,000 on lobbying in the last quarter of 2020, during the height of the public pressure.

Both and , another location data broker, which spent $160,000 on lobbying, are facing scrutiny from Congress over their location data sales. Sen. Ron Wyden, a Democrat from Oregon who signed on to , called the data broker industry “out of control,” in a statement to The Markup.

“Americans are learning more every day about the secretive and shady data broker industry and they’re demanding new laws to protect our privacy,” Wyden said in the email to The Markup. “It’s no surprise data brokers are trying every avenue they can think of to ward off the common sense protections Americans desperately need.” -Sen. Ron Wyden

X-Mode and Venntel didn’t respond to a request for comment.

Some companies said they were lobbying to have a voice on legislation, including potential federal laws on privacy.

“With increased momentum, attention and legislative activity in multiple states, we support a federal data privacy law that can rebalance the system and set standards that rebuild trust with the people providing the data—consumers,” Christine Travis, a senior communications director for LiveRamp, said in an email. “A federal approach to data privacy and security is better than a patchwork of state laws for all stakeholders.”

When somebody shows up on the lobbying records, it just tells me they see a real threat to their business model. -Hayley Tsukayama, Electronic Frontier Foundation

LiveRamp was the top lobbying spender among companies whose for advertising purposes. The company, which connects people’s activity across the web and from offline purchases for advertisers, spent $630,000 on lobbying in 2020 on issues such as the and Privacy Shield.

Privacy Shield was a framework for transferring data between the European Union and the U.S. but was declared .

Travis denied that LiveRamp is a data broker despite being listed on , insisting instead that the company is a “data connectivity platform.”

Experts said scrutiny and oversight is fairly new to the data broker industry.

“When somebody shows up on the lobbying records, or in meetings or in trade associations, it just tells me they’ve probably recently woken up to this issue and they see a real threat to their business model by privacy regulations,” Hayley Tsukayama, a legislative activist for the Electronic Frontier Foundation, said.

Others, however, said Congress is not doing nearly enough to regulate the unwieldy industry.

“What is widely understood now in Congress and among independent agencies like the FTC are the ways in which large tech companies like Facebook and Google are extracting data from consumers and using that to monopolize markets like the advertising industry,” Jane Chung, a Big Tech accountability advocate at the consumer advocacy group Public Citizen, said. “What a lot of people don’t understand is how data brokers fit into that ecosystem.”

Originally published as "“ with the Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) license