The UK government has launched an inquiry into the data broking industry, seeking insights into its operations and potential national security risks. The Department for Science, Innovation, and Technology (DSIT) is calling on stakeholders to provide evidence to inform policy development.
Data brokers collect and sell vast amounts of personal and non-personal data, making them attractive targets for hostile actors, including cybercriminals and foreign states. The government aims to understand how these entities operate, their security practices, and who their customers are to assess potential threats.
Data brokers in the North America context have accumulated substantial information on individuals, often linking data from various sources, bringing together disparate items from a variety of data sources. The result is a complete profile of an individual that, while incredibly useful for marketing analysis might be dangerous from a privacy and security point of view.
The amount and depth of data held is so large that some have joked that that the governments don’t need to spy on their citizens, they can just buy the data like anyone else.
Which also introduces another question. How well do these brokers secure the data they have.
The UK inquiry is a valuable input to the pending Data (Use and Access) Bill (DUAB), which seeks to balance GDPR compliance with facilitating data sharing. The legislation proposes introducing data intermediaries—trusted third parties that manage data sharing between organizations—to ensure ethical and regulatory compliance.
It’s a process that other governments, particularly Canada and the US might be well advised to follow and consider in their own privacy legislation.
The DSIT’s call for evidence is open until May 12, 2025, and welcomes input from data brokers, their clients, suppliers, industry bodies, academics, and think tanks. The collected information will support the development of policies to safeguard UK data against potential national security threats.
