Feds Scrutinize Data Brokers
Federal agencies—including the FBI—are buying commercially available data from brokers in ways that may sidestep traditional legal oversight, and privacy advocates are loudly warning about the loophole and potential new restrictions. This scrutiny could prompt shifts in how municipal IT teams source third‑party datasets for analytics and operations. (fedscoop.com)
FBI Director Kash Patel told the Senate Intelligence Committee on March 18, 2026 that the bureau purchases commercially available location datasets and declined to commit to a pledge not to buy Americans’ location data when pressed by Sen. Ron Wyden. (politico.com)) Senators Ron Wyden and Mike Lee are sponsoring the Government Surveillance Reform Act, a March 2026 proposal that would ban federal agencies from buying Americans’ sensitive data from data brokers without a warrant. (lofgren.house.gov)) The Brennan Center, the ACLU, the CDT and the Project on Government Oversight have each published analyses or letters this year calling on Congress to close the so‑called “data broker loophole” and to require court process before government purchases of sensitive commercial datasets. (brennancenter.org)) Regulatory pressure is already building: reporting notes the Federal Trade Commission has targeted sales of sensitive location data by brokers, and a previously withheld DHS report documented broad agency reliance on brokered location streams—both developments that tighten compliance risk for buyers and sellers. (lawfaremedia.org)) The GSRA text and federal data‑policy playbooks make plain that a law banning purchases would force local procurement offices to add explicit contract requirements—vendor attestations on data provenance, prohibitions on broker‑sourced sensitive location feeds, and audit rights to verify origin. (lofgren.house.gov)) State and municipal guidance and vendor‑due‑diligence templates recommend concrete steps proven to speed compliance: maintain a centralized inventory of third‑party datasets, tier vendors by risk level, require source‑of‑data documentation at onboarding, and automate lineage tracking to prevent single‑owner knowledge silos. (dir.texas.gov)) The Government Accountability Office and the Federal Data Strategy point to existing artifacts—CDO‑maintained inventories, data‑use agreements and vendor validation checklists—that city IT shops can repurpose to enforce any new purchase restrictions without wholesale restructuring of staff. (gao.gov))
