How much that data could be worth to a buyer is still unclear, but the proposed sale is drawing protests from consumer advocates and raising potentially disturbing questions about how data about shoppers is handled.
In the Internet Age, people leave a near constant trail of digital bread crumbs about their lives. And it's clear that data has value: The entire online advertising industry is based on collecting it. But what happens if a company that has amassed a huge trove of data on nearly every aspect of a person's life gets sold off for parts?
Radio Shack declined to comment about its bankruptcy's process.
But as Bloomberg News noted, a Web site for Hilco Streambank, a company serving as an intermediary for RadioShack in the bankruptcy process, listed the retailer's "customer databases" as among the assets for sale. Hedge fund and RadioShack creditor Standard General won an auction for the company's assets, according to Bloomberg. But the deal must still be approved by a bankruptcy court in Delaware and is facing several challenges.
The potential sale of customer information is among the aspects being challenged, prompting complaints from the state of Texas and AT&T.
AT&T is arguing that some of the data that RadioShack is trying to sell actually belongs to the mobile phone giant. AT&T worked with the retailer to market some of its phones and should not be able to auction off the information about those sales, the company says. The data should be destroyed, AT&T says, otherwise it may fall into the hands of its competitors.
The Texas challenge is broader: Texas Attorney General Ken Paxton is arguing that the sale would violate a state law that prohibits companies from selling data in ways that violate the company's own privacy policies. Tennessee's Department of Commerce and Insurance joined in on that objection earlier this week.
And the federal government's de facto privacy watchdog, the Federal Trade Commission, might also be interested. The agency declined to weigh in specifically on the RadioShack matter because it doesn't comment on areas of potential action, but it has intervened in bankruptcies involving the sale of customer data in the past.
In most cases, companies are caught violating their own privacy policies, said David Vladeck, the former director of FTC's consumer protection bureau. "The agency's view is that whatever promises are made at the time of data collection would be binding on their successors even if it was a successor who simply bought assets at a bankruptcy auction," he said.
So what would happen if one of the large tech companies fell into bankruptcy and tried to sell off customer data?
Both Google and Facebook have contemplated that possibility and leave open the possibility that customer data could be sold. (Neither company immediately responded to a request for comment for this story.)
Facebook's data policy is a little more open-ended: "If the ownership or control of all or part of our Services or their assets changes, we may transfer your information to the new owner."
Lisa Sotto, a managing partner focused on privacy and cybersecurity at law firm Hunton & Williams, said that this type of blanket provision is "very common." And since there's no general restriction on the ability to transfer data in the event of bankruptcy, these sort of public policies essentially become the law for each individual company, she said.
Privacy advocates warn that this could leave consumers at risk since data collected about them is arguably the most valuable thing big tech companies have. "If a Google or a Facebook were to fail, its data would be worth a lot more than information collected by RadioShack," said Ed Mierzwinski, the head of the Consumer Program at U.S. PIRG. "We're constantly concerned that, particularly in the digital era, companies' business models rely on collecting and selling customer information."
However, the FTC might be able to intervene even if a company has built-in data transfer language into their privacy policies, said Vladeck, by making the case that a sale of data is unfair to consumers. "Speaking hypothetically, if a social network company was selling part of its business, the FTC would surely look to ensure that consumers were protected from potentially harmful misuses of their data and would not look only to deception," he said.
But while the FTC has ramped up its efforts to protect consumers' privacy from new digital threats, it largely intervenes on a case by case basis. So with consumers casually turning over data to many different online and mobile services, people may find they've lost control of a lot of information about themselves the next time a tech bubble bursts.