The US needs Data Privacy laws

Recently a news story broke that the Tax Filing Companies are sending data to Facebook, which is just the most recent instance of both tax filing companies and Facebook being crappy.  While "Data Privacy in the US is crap" is in the headlines, let's talk about the OG hateful data collectors - the Credit Agencies - and one specific way they are evolving to be even more terrible.

I've been in the process of taking on a Home Equity loan to just finish a whole lot of renovation on my home all at once, rather than the current "3 years of constant projects" I've been in the midst of.  On Friday, November 11th, the big three credit agencies notified every mortgage broker in the country that a loan provider that deals with mortgages (and HELOCs in my case) had just made an inquiry against my credit, and they provided every single broker my contact information.  One of the services the Credit Agencies offer is to notify loan providers when any person they monitor (all of the US population) appears to be in the process of taking out a certain type of loan - home, auto, etc. - so that the other providers can try to poach the loan business.

Maybe in normal times this would have resulted in me being annoyed by a dozen or so inquiries.  But for people who haven't been paying attention to what interest rates have done to the mortgage industry, it's bad.  Rocket Mortgage reported a 93% decline in revenue because of the terrible rates.  People are simply not taking out ridiculous 7% loans when parasitical investor buyers have driven housing prices to astronomical levels.  The mortgage industry is desperate, and I'm absolutely sure it is rough for the brokers out there.  They must be dealing with horrendous uncertainty as their income disappears.

But their desperation, coupled with the credit agencies alerting every broker in the country that I might be interested in a refinance means that I did not get dozens of inquiries.  What it meant was starting at exactly 6 AM PST Friday Nov 11th, I have received 1000s of calls a day, with often multiple calls in the same minute. Even with my phone rejecting every number not in my contacts, it still sends me notifications that it did so - hundreds an hour.  I have been deleting dozens of voicemails an hour (fortunately only a fraction bothers to leave one) just to keep my voicemail from becoming unavailable.  FOR FOURTEEN DAYS!!! (with a brief break for Thanksgiving).  Volume has decreased maybe 20% since the 11th, but it's still astoundingly bad.  

The credit system in the US has always been broken - "this magic number gives you justification to either jack up the interest rate or deny credit entirely" has always been bullshit, among other things a way to algorithmically encode racism into the financial system and to create reinforcements to poverty with "financial astrology" as the justification. But with the credit agencies being for profit companies they will constantly be motivated to find new ways to monetize the data, and short of something being outright illegal (and almost none of it is) they will do it if there is money there.

So we need to make this illegal.  We need to regulate the crap out of what companies are allowed to do with data.  We should be able to do our taxes without Zuckerberg getting that info, take out a loan without the credit agencies alerting every relevant loan broker (and whoever else decides to pay for the service), have a say with how much of our data our employers freely share with data brokers about our employment, prevent grocery stores using facial recognition to track what aisles we frequent, and be able to visit a food truck without Google location services deciding we should see ads for tortilla warmers.

I would say we should have laws like the EU, but their implementation sucks - yes, every organization should need to ask for permission about what they collect and how they use our data. But we should go further and ensure that the law also stipulate that we can set header policies in the browser, OS policies on our devices, Bluetooth beacons that signal our lack of consent, etc. that proactively let us specify "no, you can't" rather than being harassed by thousands of crappy popups and "implicit" agreements when we visit physical locations.

Will this kill business models, maybe entire industries?  Yes. And that's a feature.

~JBW