The CDT alleges that Spokeo - promoted as "not your grandma's phone book" - violates the US Fair Credit Reporting Act by publishing financial information on millions of residents without allowing them to see who has accessed their data or informing them of potential adverse determinations made from the data. CDT also claims that Spokeo's profiles feature "significant inaccuracies", of concern given that the site is promoted to human resource professionals and that there apparent impediments to correction of faulty data.
In an illustration of regulatory problems, Spokeo has indicated that it is not covered by that statute because it does not issue credit reports (instead providing credit and wealth estimates) and because it uses only publicly available information. Spokeo reportedly "does not access Social Security numbers, driver's license numbers, or bank accounts used by credit reporting agencies", complaining that the CDT has made "an unwarranted and unsupported claim".
What does the site provide? The Times reports that Spokeo "appears to have renamed a 'credit estimate' indicator to an 'economic health' indicator since the CDT complaint was filed. You say potatoe and I say potato ...
A Spokeo search draws on 'public information' that may result in a listing that identifies an individual's -
- address (inc aerial photo of residence)
- phone number (landline and mobile)
- email address
- marital status
- ethnicity
- approximate age
- occupation
- approximate house value
- whether home has pool, fireplace, central heating
- status of the neighbourhood (inc ethnicity)
- hobbies and other information of a person.
- star sign
- educational level
- offspring
- political leanings
- length of residence
- length of home ownership
- pet ownership
- car ownership (inc type of vehicle)
- "economic health"
- "wealth level".
The Spokeo site boasts that -
How is Spokeo different from Facebook? Facebook is a social network on which users shares their personal data, whereas Spokeo is a search engine that aggregates data from various third-party sources. The difference between Facebook and Spokeo is analogous to the difference between You vs. Google Map taking a picture of your house. Data originated from you can be more detailed and accurate, but you also have the liberty to lie about it. Data pieced from public domains may not be complete, but it gives an objective, third-party perspective, which is valuable for people research purposes.The CDT has, reasonably, commented that data from public sources is "very clearly" protected under the statute, which covers any communications that have a -
bearing on a consumer's credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living, which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumer's eligibility for credit or insurance [or] employment purposesEmployment reports are also covered, with businesses being required to tell consumers what information they hold and take steps to verify the accuracy of the data when disputed by a consumer.
The report notes that Spokeo has targeted recruiters and HR professionals -
Earlier this week, a Spokeo blog post listed, among the site's top uses, searches on prospective or current business associates or research on prospective employees. That blog post, apparently written by a Spokeo employee, has been changed, with the suggestions to search for information on business associates or prospective employees eliminated.Spokeo is reported as responding that it "in no way endorses" those uses of its site, prompting CDT's rejoinder that it is "not entirely sure" how provision of "wealth estimates and other financial information" helps "friends find each other".
Spokeo's blog still contains a post listing a customer's top uses of the site, including doing research on potential employers and employees.
Spokeo reportedly allows people to delete their information, a process that hopefully is more meaningful than the deletion that has been offered in the past by Facebook. Only a "tiny" percentage of people do so. The CDT comments that there are problems with the deletion process - In some cases, a profile is deleted, then Spokeo creates a new profile of the same person later. Spokeo appears to have multiple profiles on some people, with suggestions that deleting one profile will not delete the others.
Just as significantly, there are crucial inequalities in data collection. If Spokeo doesn't comply with the statute by notifying people of adverse decisions based on its data, people may not realize the site has information about them -
People wouldn't know to go to Spokeo to delete their profile in the first place. "There are lots of other Spokeos out there; creditors, employers, or other decision-makers may be using those sites to evaluate me, and I wouldn't know to go to those sites to see if my data was accurate unless they told me.