US brokers selling overlapping datasets with people as “actively pregnant“
gizmodo.comFor the uninitiated..
>In an email statement, a spokesperson for Mastercard said the company only uses “anonymized transaction data” to gather data at the postal code level.
There are three datapoints required to reliably de-anonymize someone based on the latest research I've read. Zip code, gender, and date of birth. A payment processor by default must track date of birth. They admit to tracking by zipcode. Gender is heavily implied in this context.
In short, I'd assume that any sufficiently motivated adversary (state or corporate actor) can rip back this cloak of anonymity, but claims that it is preserved to keep you, their desired millieu to control, from getting uppity.
What is the legality of poisoning publicly accumulated databases?
What is the legality of poisoning non-publicly accumulated databases?
(I understand there are jurisdictional differences, so if you be kind mention in what jurisdictional framework you are writing about for my learning.)
You're not going to pollute VISA/Mastercard without running afoul of identity theft/wire fraud charges in the United States.
Any other datasets are only going to attempt to "enrich" their own datasets with other datasets. This is why Plaid* had such a strong value proposition in spite of their completely unethical business practices.
The other big brokers of datasets out there (LexisNexus, etc...) go to incredible lengths to rake in any possible public record out there.
If your state or corporate actor can do this, it is just the beginning.
The idea that they scrape transaction data is unsettling