Data brokers should be held accountable for the negative externalities they inflict on society. There will always be criminals online, and new regulations will never fully deter them. But governments can deter the complicit middlemen — the data brokers with little security and fewer scruples. While data brokers are often sued for damages if data is breached when it’s in the possession of those they sell to (e.g., Equifax in 2017 and Exactis in 2018), they are not held accountable for data breached by those they sell to, nor are their executives tried for fraud. What if instead they had to answer for the consequent fraud and abuse? What if authorities like the Federal Communications Commission had a strong mandate to punish data brokers for their role in leaks and breaches?

• Uncategorized