February 7th, 2011, 1:18 pm
First, it's not illegal to sell personal data if the person agrees to let their data be sold. So be careful when clicking the "I agree to these terms" button on U.S. websites. The one exception is health data which is governed by a nasty bit of regulation so heavy-handed that actually impedes doctors from texting each other to coordinate care.Second, some data is sold on an anonymized basis by aggregating the data or obscuring any personal identifiers (e.g., a company such as Facebook might tell Starbucks the % of people who mention going to coffee shops and having dogs without revealing which people go to coffee shops and have dogs. Or company like Facebook might tell Starbucks that random ID 73268767846 drinks coffee, has a dog, and lives in New York City but not give enough information to link ID 73268767846 to a name because thousands of people drink coffee, have a dog, and live in New York City. Anonymized data is NOT leak-free where the aggregates become so narrowly defined that they may only include a few people or where anonymized records can be cross-referenced to public records to pinpoint individuals.