UK wants intel on data broker security as it readies DUAB • The Register

The UK government is inviting experts to provide insights about the data brokerage industry and the potential risks it poses to national security as it moves to push new data-sharing legislation over the line.

Organizations that pay for the services of data brokers and supply data to them, as well as data brokers themselves, are specifically invited to engage with the Department for Science, Innovation, and Technology’s (DSIT) call, although views from all stakeholders are welcome. The views of academics and think tanks whose work concerns the industry are also in demand.

“The UK government is seeking views to understand more about organizations that take part in data broking and the wider industry,” DSIT said. “In particular, the government would like to understand the operations, security practices, and customers of data brokers, to support policy development.”

Data brokers or information product companies – whatever your preferred term for these types of orgs – have faced growing criticism in today’s data protection-conscious world, especially as their hoarding of data into poorly guarded cloudy jackpots has faciliated of leak after leak.

These companies essentially collect vast amounts of personal data and sell these datasets to other organizations that can use them to build profiles on their target market.

This naturally makes them a goldmine for both marketers and cybercriminals. The US has in recent years taken regulatory action against several, some of which store hundreds of millions of records.

Where the FTC doesn’t act, The Register steps in to shine a spotlight on those with less-than-ideal security. Successful attacks on data brokers are not as rare as you might think or hope.

The UK government appears to recognize this. DSIT’s call for evidence acknowledges that these companies hold a trove of sensitive data that could be of huge interest to hostile states and cybercriminals both domestically and abroad.

Keir Starmer tells regulators to chill as Microsoft exec takes wheel of advisory council

READ MORE

It’s not a coincidence that the call comes as the Data (Use and Access) Bill (DUAB), legislation aiming to toe the line between GDPR compliance and “business friendliness” – yep, the old “open for business” line is being rolled out.

Just a few steps away from becoming law, and the DUAB – like previous contender the Data Protection and Digital Information Bill (DPDIB) – aims to remove some of GDPR’s limitations set out in the Data Protection Act 2018 while somehow also ensuring continued compliance with the regulation to allow for smooth dealings with EU organizations.

The government says the DUAB will help the NHS, police forces, scientists, and businesses to make “better use” of data with easier sharing opportunities than the current law allows.

Keir Starmer hands ex-Darktrace boss investment minister gig

READ MORE

One key proposal is the introduction of data intermediaries – third parties trusted to facilitate the sharing of data between organizations under smart data schemes, which have so far satisfied the UK’s data protection watchdog, the Information Commissioner’s Office.

Their role will be to ensure data is shared only in line with the intended purpose and with ethical and regulatory requirements.

While this may resemble data brokerage, the UK government insists that data intermediaries and brokers serve distinct functions.

DSIT explained the difference in a separate call for evidence about these data intermediaries specifically, which also launched on Monday.

It said: “Data intermediaries are one way of facilitating the right to data portability, as they can enable data subjects to port their data from one data controller to another, acting on a data subject’s behalf or in their interest. They differ from other data-driven companies such as data brokers, in that they rely on the agreement of the individual (the data subject) and act in their interest.”

The data broker inquiry primarily focuses on security concerns – the national security risks they pose and the effectiveness of existing security measures and governance frameworks.

In contrast, the data intermediary inquiry examines their day-to-day operations, and what an effective intermediary looks like, rather than the potential cybersecurity pitfalls they too could bring to the table.

Those with a horse in this race have until May 12 to share their perspectives with DSIT.

The government is also aware that some questions demand answers that could expose commercially sensitive information. Details such as a data broker’s security practices would be damaging in the wrong hands, but DSIT assures that any submitted data will be handled “carefully and securely.” ®

Keep your files stored safely and securely with the SanDisk 2TB Extreme Portable SSD. With over 69,505 ratings and an impressive 4.6 out of 5 stars, this product has been purchased over 8K+ times in the past month. At only $129.99, this Amazon’s Choice product is a must-have for secure file storage.

Help keep private content private with the included password protection featuring 256-bit AES hardware encryption. Order now for just $129.99 on Amazon!

Help Power Techcratic’s Future – Scan To Support

If Techcratic’s content and insights have helped you, consider giving back by supporting the platform with crypto. Every contribution makes a difference, whether it’s for high-quality content, server maintenance, or future updates. Techcratic is constantly evolving, and your support helps drive that progress.

As a solo operator who wears all the hats, creating content, managing the tech, and running the site, your support allows me to stay focused on delivering valuable resources. Your support keeps everything running smoothly and enables me to continue creating the content you love. I’m deeply grateful for your support, it truly means the world to me! Thank you!