
Data Brokers: Who Is Selling Your Personal Information in 2026

Lunyb Security Team

Every time you sign up for a loyalty card, install a free app, or browse a news site, an invisible industry quietly profits from your behavior. Data brokers — companies that collect, package, and resell personal information — generate over $250 billion globally each year. Most people have never heard of them, yet these firms know your address history, income bracket, health conditions, political leanings, and even your shopping habits.

This guide explains who data brokers are, how they operate, who is selling your information, and what you can do to take back control of your personal data.

What Are Data Brokers?

Data brokers are companies that aggregate personal information from public records, online activity, purchase history, and third-party sources, then sell that information to advertisers, insurers, employers, governments, and other businesses. They operate largely behind the scenes, with no direct relationship with the people whose data they trade.

The industry is divided into several categories:

  • Marketing data brokers — sell consumer profiles for targeted advertising
  • Risk mitigation brokers — provide background checks, fraud detection, and identity verification
  • People-search sites — publish profiles searchable by name, often free to consumers
  • Health and financial data brokers — sell specialized datasets to insurers, pharmaceutical companies, and lenders

How Data Brokers Collect Your Personal Information

Data brokers rarely interact with you directly. Instead, they harvest information from dozens of sources and stitch it together into a detailed profile. Common collection methods include:

  1. Public records: Court filings, property deeds, voter registrations, marriage licenses, and business registrations.
  2. Commercial sources: Retailers selling purchase histories, loyalty programs sharing customer lists, and warranty cards.
  3. Online tracking: Cookies, pixels, and fingerprinting scripts embedded in websites and apps.
  4. Mobile apps: Free apps that demand access to contacts, location, and device identifiers.
  5. Social media scraping: Automated tools that extract profile data, posts, and connections from public profiles.
  6. Data partnerships: Buying or licensing datasets from telecoms, banks, credit bureaus, and other brokers.

Once collected, this raw data is enriched, deduplicated, and matched against existing profiles using identifiers like email addresses, phone numbers, hashed cookies, and mobile advertising IDs.
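
Why a hashed identifier still works as a matching key, as an added example (not code from any broker or from this guide's authors): two constructed datasets are joined on the SHA-256 of a normalized email address. The normalization rules, field names, and sample records are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict


def match_key(email: str) -> str:
    """Join key: SHA-256 of the normalized address."""
    local, _, domain = email.strip().lower().partition("@")
    local = local.split("+", 1)[0]  # assumption: matcher drops "+tag" suffixes
    return hashlib.sha256(f"{local}@{domain}".encode("utf-8")).hexdigest()


def link_records(*sources):
    """Merge (source_name, records) pairs into profiles keyed by match_key."""
    profiles = defaultdict(lambda: {"sources": []})
    for source_name, records in sources:
        for rec in records:
            profile = profiles[match_key(rec["email"])]
            profile["sources"].append(source_name)
            profile.update({k: v for k, v in rec.items() if k != "email"})
    return dict(profiles)


def cross_source(profiles):
    """Profiles that were joined across more than one source."""
    return [p for p in profiles.values() if len(set(p["sources"])) > 1]


# Constructed sample data: one person reusing an address, one using per-service aliases.
RETAILER = ("retailer", [
    {"email": "Jane.Doe@example.com", "purchases": "prenatal vitamins"},
    {"email": "q7f3k@alias.example", "purchases": "running shoes"},
])
FITNESS_APP = ("fitness_app", [
    {"email": " jane.doe+fit@example.com", "home_zip": "05401"},
    {"email": "x9m2p@alias.example", "home_zip": "94110"},
])

if __name__ == "__main__":
    profiles = link_records(RETAILER, FITNESS_APP)
    for p in cross_source(profiles):
        print("joined:", p)
    print(len(profiles), "profiles total")
```

The reused address merges into one profile even though neither dataset shares the plaintext email and one copy carries a "+tag" suffix. The two unrelated aliases stay as separate single-source profiles, because the hash is deterministic and only identical inputs collide.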

The Biggest Data Brokers Selling Personal Information

The data brokerage industry is dominated by a handful of giant firms, alongside hundreds of smaller specialists. Here are some of the largest and most influential players in 2026.

| Company | Headquarters | Primary Focus | Estimated Annual Revenue |
|---|---|---|---|
| Acxiom (LiveRamp) | USA | Marketing data, identity resolution | $650M+ |
| Experian | Ireland/UK | Credit, marketing, risk | $7B+ |
| Equifax | USA | Credit reporting, workforce data | $5.6B+ |
| TransUnion | USA | Credit, fraud, marketing | $3.9B+ |
| Oracle Data Cloud | USA | Audience targeting (wound down 2022, partial successors active) | N/A |
| Epsilon (Publicis) | USA/France | Marketing data, email targeting | $2B+ |
| CoreLogic | USA | Property and mortgage data | $1.6B+ |
| LexisNexis Risk Solutions | USA/UK | Risk, legal, government data | $3B+ |
| Nielsen | USA | Media measurement, consumer behavior | $3.5B+ |

Beyond these giants, thousands of smaller brokers specialize in niches like medical conditions, military families, senior citizens, students, gamblers, and even people experiencing financial hardship. The US state of Vermont, which maintains a data broker registry, lists more than 120 registered firms — and that is just a fraction of the global industry.

What Personal Information Is Being Sold?

The scope of data being traded is staggering. A single broker profile can contain hundreds, sometimes thousands, of data points about one individual. Categories commonly bought and sold include:

Identity and Contact Data

  • Full name, aliases, and maiden names
  • Current and historical addresses
  • Phone numbers and email addresses
  • Date of birth and government identifiers (in some jurisdictions)

Financial Data

  • Estimated income and net worth
  • Credit score ranges
  • Mortgage and property values
  • Investment behavior and bank relationships

Behavioral and Lifestyle Data

  • Purchase history across thousands of retailers
  • Hobbies, interests, and subscriptions
  • Travel patterns and frequent destinations
  • Vehicle ownership and driving habits

Sensitive Inferred Data

  • Health conditions (inferred from purchases and searches)
  • Political affiliation and likely voting behavior
  • Religious beliefs and ethnicity estimates
  • Sexual orientation, relationship status, parenthood

Investigations by journalists and researchers have repeatedly shown that brokers sell lists categorized as "people with depression," "survivors of sexual assault," "families with a member who has dementia," and "rape victims." Such categories are perfectly legal to trade in most jurisdictions.

Who Buys Personal Data From Brokers?

The buyer pool extends far beyond advertisers. Common purchasers include:

  1. Advertisers and marketers — for precise audience targeting
  2. Insurance companies — to refine premium calculations
  3. Banks and lenders — for credit and risk decisions
  4. Employers and recruiters — for background screening
  5. Landlords — for tenant screening
  6. Political campaigns — for voter modeling and outreach
  7. Law enforcement and intelligence agencies — sometimes purchasing data they would otherwise need a warrant to obtain
  8. Scammers and stalkers — via people-search sites with minimal verification

The last category is particularly alarming. People-search sites like Spokeo, BeenVerified, and Whitepages publish detailed profiles accessible for a few dollars or, in many cases, completely free.

The Real-World Harms of Data Brokerage

The data broker economy is not just an abstract privacy issue. It causes concrete harm to real people every day.

Identity Theft and Fraud

Aggregated profiles give criminals everything they need to impersonate victims, open fraudulent accounts, or pass security questions.

Discrimination

Insurers have used purchase data to raise premiums. Employers have rejected candidates based on inferred mental health conditions. Lenders have priced loans based on neighborhood-level demographics that act as proxies for race.

Stalking and Domestic Violence

People-search sites have repeatedly been used by abusers to locate victims who relocated for safety. In multiple documented cases, victims have been murdered after their new addresses appeared on broker sites.

Government Surveillance Without Warrants

Agencies have purchased location data from brokers that they would otherwise need court approval to obtain — a workaround now under legal challenge in several countries.

Global Regulations on Data Brokers

Regulation of the data broker industry varies dramatically by region.

| Region | Key Law | Broker-Specific Rules | Consumer Rights |
|---|---|---|---|
| European Union | GDPR | Strict consent and purpose limitation | Access, deletion, portability |
| United Kingdom | UK GDPR + Data Protection Act | Mirrors EU rules | Access, deletion, objection |
| California, USA | CCPA / CPRA + Delete Act | Broker registry, universal opt-out (2026) | Access, deletion, opt-out of sale |
| Vermont, USA | Data Broker Law | Mandatory registry, security standards | Limited |
| Canada | PIPEDA | Consent-based, under reform | Access, correction |
| Australia | Privacy Act 1988 | Under major review | Access, correction |
| Brazil | LGPD | GDPR-style framework | Access, deletion, portability |

California's Delete Act, which becomes fully operational in 2026, is the most ambitious effort yet. It will let residents submit a single request to delete their data from every registered broker at once. The EU's enforcement of GDPR has produced multi-million-euro fines against brokers, but compliance remains uneven.

How to Find Out What Brokers Know About You

You can request a copy of your data from most major brokers, though the process is often deliberately tedious.

  1. Start with the big four: Acxiom, Experian, Equifax, and LexisNexis all offer consumer data access portals.
  2. Check people-search sites: Search your own name in quotes plus your city on Google. Sites like Spokeo, BeenVerified, Whitepages, and Radaris will likely appear.
  3. Use a privacy dashboard: Services like Privacy Bee, DeleteMe, Optery, and Kanary scan hundreds of brokers and show what they hold.
  4. File GDPR/CCPA requests: If you live in a covered region, brokers must respond within 30-45 days.

How to Remove Yourself From Data Broker Databases

Removing your data is possible but ongoing — brokers re-collect information from public sources, so opt-outs need to be repeated periodically.

Manual Opt-Out

Every major broker has an opt-out form, though they are often buried deep within privacy policies. Plan to spend 20-40 hours covering the top 100 brokers. Maintain a spreadsheet to track requests and follow-ups.

Paid Removal Services

Services like DeleteMe ($129/year), Optery ($99-$249/year), Kanary ($150/year), and Privacy Bee ($197/year) automate removal across hundreds of brokers and re-scan continuously.

Reduce New Data Generation

  • Use email aliases (SimpleLogin, Apple Hide My Email, Firefox Relay)
  • Use a secondary phone number for sign-ups
  • Disable mobile advertising IDs on iOS and Android
  • Use privacy-focused browsers like Brave or Firefox with strict tracking protection
  • Switch to encrypted DNS providers (Cloudflare 1.1.1.1, NextDNS, Quad9)
  • Be cautious with loyalty programs and free apps

Shorten and Mask Links You Share

Every link you share publicly can leak referrer data, location, and behavioral signals back to brokers. Using a privacy-respecting link shortener like Lunyb strips out tracking parameters and gives you control over what analytics are collected. You can read our honest review of Lunyb or compare it to alternatives in our 2026 buyer's guide to URL shorteners.
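
One way to strip tracking parameters from a link before sharing it, as an added example (not Lunyb's code or a description of how that service works). The parameter list is an assumption: a small sample of commonly seen campaign and click-ID names, not an exhaustive set.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed sample of tracking parameters; extend for your own use.
TRACKING_PREFIXES = ("utm_",)
TRACKING_NAMES = {"fbclid", "gclid", "msclkid", "mc_eid"}


def is_tracking(name: str) -> bool:
    """True if a query parameter name looks like a tracking tag (case-insensitive)."""
    lowered = name.lower()
    return lowered in TRACKING_NAMES or lowered.startswith(TRACKING_PREFIXES)


def split_params(url: str):
    """Return (kept, removed) lists of (name, value) pairs, in original order."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    kept = [(k, v) for k, v in pairs if not is_tracking(k)]
    removed = [(k, v) for k, v in pairs if is_tracking(k)]
    return kept, removed


def strip_tracking(url: str) -> str:
    """Rebuild the URL without tracking parameters; path and fragment are untouched."""
    kept, _ = split_params(url)
    # urlencode re-encodes the kept values, so escaping may be normalized.
    return urlunsplit(urlsplit(url)._replace(query=urlencode(kept)))


# Constructed sample link
SAMPLE = ("https://shop.example/item?id=42&utm_source=newsletter"
          "&fbclid=AbC123&color=blue#reviews")

if __name__ == "__main__":
    print(strip_tracking(SAMPLE))
    print("removed:", split_params(SAMPLE)[1])
```

This only cleans the query string of the link itself; it does not change what the destination site or any intermediate redirect can log about the visitor.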

The Future of the Data Broker Industry

Several forces are reshaping the industry heading into the late 2020s:

  • Cookie deprecation: Browsers phasing out third-party cookies is pushing brokers toward first-party identity graphs and server-side tracking.
  • AI training data demand: Brokers are licensing behavioral datasets to train large language models, opening new revenue streams and new privacy concerns.
  • State-level US laws: With no federal privacy law in sight, a patchwork of state regulations is forcing brokers to build compliance infrastructure they previously avoided.
  • Consumer awareness: Privacy tools are moving from niche to mainstream, with browser-level protections becoming default.

The industry will not disappear, but the days of frictionless, unregulated data trading are ending. Consumers who act now can dramatically reduce their exposure.

FAQ: Data Brokers and Personal Information

Is it legal for data brokers to sell my personal information?

In most jurisdictions, yes — provided the broker complies with applicable privacy laws. In the EU, UK, Brazil, and an increasing number of US states, brokers must offer access, deletion, and opt-out rights. In much of the rest of the world, the trade is largely unregulated.

How much is my personal data worth?

An individual's full profile typically sells for between $0.10 and a few dollars in bulk, but specialized data — like verified contact information for high-net-worth individuals or people with specific medical conditions — can fetch significantly more. The aggregate value of one person's data across their lifetime is estimated at hundreds of dollars annually.

Can data brokers sell my Social Security number or government ID?

Direct sale of full government identifiers is restricted in most countries, but partial numbers, derived identifiers, and matched profiles that effectively identify you are routinely traded. Risk and identity verification brokers like LexisNexis and Equifax handle the most sensitive identifiers under regulated frameworks.

Does opting out of data brokers actually work?

Yes, but it is not permanent. Brokers continuously re-collect data from public records and commercial sources, so removed profiles often reappear within 3-12 months. Continuous monitoring through a paid removal service or repeated manual opt-outs is required for lasting results.

What is the single most effective step I can take today?

Reduce the data you generate in the first place. Use email aliases for sign-ups, decline app permissions you don't need, disable mobile advertising IDs, switch to a privacy-respecting browser, and avoid loyalty programs that share data. Combined, these habits cut new data flow by 70-90% — far more effective than chasing brokers after the fact.
