The demise of RadioShack left techies with one less place to congregate and buy obscure batteries and soldering equipment. And if that wasn't bad enough, now the bankrupt company is trying to sell off the devotees' data.

After filing for bankruptcy in early February, RadioShack is currently making its way through the painful process of figuring out how creditors will be paid back - auctioning off real estate and trademarks.

Also on the list is more than 13 million email addresses and 65 million customer names and physical addresses - as well as potential information about customers shopping habits.

How much that data could be worth to a buyer is still unclear, but the proposed sale is drawing protests from consumer advocates and raising disturbing questions about how data about shoppers is handled.


In the Internet Age, people leave a near constant trail of digital bread crumbs about their lives. And it's clear that data has value: The entire online advertising industry is based on collecting it.

But what happens if a company that has amassed a huge trove of data on nearly every aspect of a person's life gets sold off for parts?

Radio Shack declined to comment about its bankruptcy's process.

The company was a pioneer in collecting customer data, said Marc Rotenberg, president of the Electronic Privacy Information Center.

"Radio Shack was the first company that routinely asked for phone numbers. The privacy policy was critical to maintain consumer confidence," he said.

And in its privacy policy, RadioShack told customers that it wouldn't sell or rent their personally identifiable information to third parties - which should make this a pretty clear issue, Rotenberg said.

But as Bloomberg News noted, a Web site for Hilco Streambank, a company serving as an intermediary for RadioShack in the bankruptcy process, listed the retailer's "customer databases" as among the assets for sale.

Hedge fund and RadioShack creditor Standard General won an auction for the companies' assets, according to Bloomberg.


But the deal must still be approved by a bankruptcy court in Delaware and is facing several challenges.

The potential sale of customer information is among the terms being challenged, prompting complaints from the state of Texas and AT&T.

AT&T is arguing that some of the data that RadioShack is trying to sell actually belongs to the mobile phone giant.

AT&T worked with the retailer to market some of its phones and should not be able to auction off the information about those sales, the company says.

The data should be destroyed, AT&T says, otherwise it may fall into the hands of its competitors.

The Texas challenge is broader: Texas Attorney General Ken Paxton is arguing that the sale would violate a state law that prohibits companies from selling data in ways that violate the company's own privacy policies.

Tennessee's Department of Commerce and Insurance joined in on that objection earlier this week.

And the federal government's de facto privacy watchdog, the Federal Trade Commission, might also be interested.

The agency declined to weigh in specifically on the RadioShack matter because it doesn't comment on areas of potential action, but it has intervened in bankruptcies involving the sale of customer data in the past.

Back in 2000, after the dot-com bubble burst, the FTC sued to stop from selling off customer data in violation of its privacy policy.

In that case, the FTC said that data in question included names, addresses, billing information, shopping preferences and family profiles, including the names and birth dates of children.

The data was eventually destroyed.

The FTC has also sent letters about proposed data sales in the bankruptcies of other companies, including Borders, XY Magazine, and ConnectEDU.

So what would happen if one of the large tech companies fell into bankruptcy and tried to sell off customer data?

Both Google and Facebook have contemplated that possibility and leave open the possibility that customer data could be sold. (Neither company immediately responded to a request for comment for this story.)

In its privacy policy, Google says that if the company is "involved in a merger, acquisition or asset sale" it would continue to safeguard the confidentiality of its users.

Users would be notified before their personal information ends up in new hands, the policy says.

Facebook's data policy is a little more open-ended: "If the ownership or control of all or part of our Services or their assets changes, we may transfer your information to the new owner."

While the FTC has ramped up its efforts to protect consumers' privacy from new digital threats, it largely intervenes on a case by case basis.

So with consumers casually turning over data to many different online and mobile services, people may find they've lost control of a lot of information about themselves the next time a tech bubble bursts.

Andrea Peterson covers technology policy for The Washington Post, with an emphasis on cybersecurity, consumer privacy, transparency, surveillance and open government.