Legislative Democrats on the Bipartisan Economic Panel assert they’ve pinpointed over $20.9 billion in financial detriments to consumers, linked to personal data pilfering associated with four significant security compromises involving information intermediary companies. This assessment was unveiled Friday in a dissenting document arising from a protracted investigation into data broker operations, initiated by United States senator Maggie Hassan.
Hassan, a New Hampshire Democrat and the JEC’s senior minority member, dispatched investigative requests to five prominent data intermediaries—Comscore, Findem, IQVIA Digital, Telesign, and 6Sense Insights—in August. This followed a probe conducted by The Markup and CalMatters, jointly released with WIRED, which discovered some data brokers were concealing privacy exit mechanisms from Google and other online indexing services by employing “no index” directives that instruct internet bots to omit the page from search results.
Fraudsters have been observed utilizing the sensitive data these types of companies maintain—including identifying details such as birth dates, residential locations, and even national identification numbers—to target individuals with tailored deception.
Four of the entities implemented measures subsequent to Hassan’s engagement to enhance the availability of opt-out choices. These actions included eliminating the “no index” code, incorporating more noticeable hyperlinks, and publishing instructions on asserting data protection entitlements.
Findem, nevertheless, failed to reply to Hassan or to subsequent inquiries from committee staff, and staff reported the company still retains the “no index” code from its page. WIRED’s calls to Findem on Thursday received no reply.
The document indicates Findem’s “lack of reply” to the lawmakers’ congressional probes prompts “profound and extensive concerns about its attentiveness to data removal petitions and dedication to data privacy.” It further states that the company’s own compulsory declarations from 2024 demonstrate it “failed to handle 80 percent of privacy requests from consumers and other parties,” attributing this to “inadequate information.”
IQVIA, 6sense, and Comscore offered no prompt reply to solicitations for statements. Telesign directs media questions through a web-based questionnaire that necessitates journalists agreeing to receive promotional messages, which was avoided due to that condition. Alternatively, a company email address that surfaced in earlier compromised data records was utilized.
The Markup/CalMatters investigation uncovered that numerous California-registered data brokers employed the “no index” code and other deceptive design techniques that render privacy and removal pages less accessible. “By acting in this manner,” the JEC minority report states, “the companies complicated matters for people seeking to safeguard their information against fraudsters.”Comscore informed the panel it audited its online portal after getting Hassan’s request and discovered that its “Individual Data Rights” section—which guides visitors to distinct applications for filing data removal petitions—featured a “no index” code. The company stated it identified the origin of the directive, which it deleted, tracing it back to a prior iteration of the page established in 2003. The report says the company was unable to ascertain why it was added, but posited it was “not designed to hinder user reach.”
Telesign affirmed that its data removal application, located on a “Data Privacy Inquiry” section, was absent from search engine listings during the period of the Markup/CalMatters reporting. It ascribed the problem to an external search engine optimization utility that limits discoverability as a standard setting, and states it has since activated indexing and incorporated a link in the page’s bottom section to the form.
JEC personnel indicate Telesign’s method continues to compel users to search outside its primary website and, even if hyperlinks are present, they’re frequently obscured on pages users would not logically expect to examine—notably data policy sections well over nine thousand words in length.
6sense contested the claim that its primary “Privacy Hub” was concealed, but conceded that its “Data Protection Guidelines” page—which directs to data removal utilities—formerly featured “no index” code. It furthermore stated that it deleted the directive subsequent to the Markup/CalMatters report. 6sense was the sole entity to indicate employing external assessments to evaluate both the discoverability of data removal choices and whether the requests are being adequately handled, the report says.
{content}
Source: {feed_title}