21 August 2024
Quiz time: are the below two emails phishing or legitimate?
The above emails are legitimate!
They are sent from data broker companies notifying you that they processed your data and what you can do about it; let’s break that down a bit.
What are data brokers?
Data brokers are companies that collect and sell personal information.
Why do data brokers collect my data?
Aggregated data is used for various purposes, such as marketing, advertising, insurance pricing and fraud mitigation. They may also end up in more questionable places, such as people search sites. Whatever the purpose, personal data is collected to ultimately profile internet users and customers and has now become an essential part of business.
Are data brokers legal?
The short answer: Yes.
The long answer: It’s a bit complicated. Generally, collecting data from public sources is legal. In the EU and UK, the General Data Protection Regulation (GDPR) regulates that personal data must be collected with the user’s consent or other on lawful bases. However, the way this consent is obtained can be a bit murky e.g. through a terms of service agreement that most users definitely won't read.
Why are they sending these notification emails?
By sending these emails, data brokers are complying with their GDPR Article 14 requirements to notify data subjects when they have received the data from a source that isn’t the data subject.
They’re also giving you the knowledge your data was processed and the choice to opt out under Article 17 of the UK GDPR (‘Right to erasure’).
How do I remove my personal information from data brokers?
If you received a data collection notification email, it should contain instructions to request your data be removed, usually through an online form or email.
If you care about online privacy and wish to have your data removed, it’s a good idea to use the suggested routes to remove your personal data from these companies.
Without these notifications, you would have to manually search the companies that may have collected your data and go through the process of filling out an opt-out form. And even if you remove them once, the data could always be collected again.
Do I have to remove my data from data broker sites?
You may be thinking, that’s way too much of a hassle. And you’re right. Usually, having your data sit with a data broker doesn’t necessarily lead to a catastrophic breach of privacy. It’s been the unavoidable norm for a while, after all.
However, that is why the least you can do to have more control over your personal data is to read the notification emails from data brokers and take action whenever you can!
What if the email is phishing?
A legitimate concern is that an email seemingly from a data broker may be phishing. If you have any doubts, please forward the email to phishing@lse.ac.uk as an attachment, and the team will take a look for you.