Data Brokers: Who Is Selling Your Personal Information in 2026

Every time you sign up for a loyalty program, install a free app, or click "accept" on a cookie banner, a quiet transaction happens in the background. Your personal information is harvested, packaged, scored, and sold to companies you've never heard of. The middlemen behind this trade are called data brokers, and they've built a multi-billion-dollar industry on the back of your digital life.

This guide explains who these companies are, what they know about you, how they make money from your information, and most importantly, what you can do to push back.

What Are Data Brokers?

Data brokers are companies that collect, aggregate, analyze, and sell personal information about consumers, usually without those consumers' direct knowledge or consent. They operate in a legal gray zone, buying records from public sources, websites, apps, retailers, and other brokers, then reselling structured profiles to marketers, insurers, employers, political campaigns, and even government agencies.

The global data broker market was valued at over $280 billion in 2024 and is projected to surpass $400 billion by 2028. Unlike social media platforms or search engines, data brokers have no consumer-facing product. You are not their user, you are their inventory.

The Three Main Types of Data Brokers

Marketing and advertising brokers — build audience segments for targeted ads (e.g., "new parents earning $75k+ in Texas").
Risk mitigation and people-search brokers — sell background checks, identity verification, and fraud-detection profiles to banks, landlords, and employers.
Health, financial, and specialty brokers — focus on niche datasets such as prescription history, credit behavior, or location patterns.

Who Are the Biggest Data Brokers?

While thousands of companies operate in this space, a handful of giants dominate the industry. Most consumers have never heard their names, yet these firms hold detailed dossiers on hundreds of millions of people.

Company	Primary Focus	People Profiled	Annual Revenue (est.)
Acxiom (LiveRamp)	Marketing data	2.5 billion+	$650M+
Experian	Credit & marketing	1 billion+	$7B+
Equifax	Credit & identity	800 million+	$5.6B+
Oracle Data Cloud	Advertising audiences	5 billion devices	Part of $50B Oracle
LexisNexis Risk Solutions	Risk & background	500 million+	$3B+
CoreLogic	Property & finance	U.S. nationwide	$1.8B+
Spokeo / BeenVerified / Whitepages	People search	U.S. nationwide	$100M+ each

What Information Do Data Brokers Actually Collect?

The depth of information collected by brokers often shocks people who see their own file for the first time. A single profile can contain thousands of data points, assembled from hundreds of sources.

Common Categories of Collected Data

Identifiers: full name, aliases, date of birth, Social Security number fragments, driver's license details.
Contact data: current and past addresses, phone numbers, email addresses (including disposable ones).
Demographics: age, gender, ethnicity, religion, marital status, number and ages of children.
Financial profile: estimated income, net worth, credit tier, mortgage details, investment behavior.
Property and vehicle records: home value, square footage, car make/model, registration history.
Lifestyle and interests: hobbies, magazine subscriptions, charitable donations, political leanings.
Health-adjacent signals: gym memberships, OTC purchases, app usage suggesting conditions like diabetes or depression.
Online behavior: browsing history, search queries, app installs, social media activity.
Location data: precise GPS coordinates from mobile apps, often updated every few minutes.
Relationships: family members, neighbors, coworkers, roommates.

How Do Data Brokers Get Your Information?

Data brokers do not hack their way into your life. They buy, scrape, and license information through legal channels that most people unknowingly opt into every day.

Primary Collection Sources

Public records — voter registrations, court filings, property deeds, marriage licenses, bankruptcy filings.
Commercial transactions — loyalty cards, warranty registrations, magazine subscriptions, charity donations.
Mobile apps and SDKs — weather apps, games, and flashlight tools embedded with tracking software development kits that send location and behavior data home.
Website cookies and trackers — third-party scripts on news sites, e-commerce stores, and forums.
Social media scraping — public posts, profile photos, and connection graphs.
Other data brokers — brokers routinely buy and trade datasets with each other, multiplying the spread of any single leak.
Data breaches — leaked credentials and personal records eventually filter into commercial datasets, sometimes within days.

Who Buys This Data, and Why?

The buyers of broker data are far more diverse than most people imagine. While advertisers are the most visible customers, the list extends into sensitive corners of public and private life.

Advertisers and marketing agencies use audience segments to target ads with surgical precision.
Insurance companies price policies based on lifestyle inferences (e.g., snack purchases predicting health risk).
Banks and lenders verify identity and estimate creditworthiness for thin-file applicants.
Employers and landlords run background checks before offering jobs or leases.
Political campaigns microtarget voters by psychological profile and persuadability score.
Law enforcement and intelligence agencies purchase location and identity data, sometimes bypassing the need for a warrant.
Debt collectors and process servers locate people who don't want to be found.
Scammers and stalkers exploit cheap people-search sites to find targets.

Real-World Harms Caused by Data Broker Activity

The risks go far beyond annoying targeted ads. Documented harms include:

Identity theft — leaked broker databases have fueled some of the largest fraud waves on record.
Discrimination — algorithmic redlining in housing, employment, and credit decisions.
Stalking and domestic violence — abusers use people-search sites to track victims who have relocated.
Price discrimination — different shoppers see different prices based on inferred willingness to pay.
Reputational damage — outdated or inaccurate records appearing in background checks.
Government surveillance — agencies purchasing data that would otherwise require legal process.

The Legal Landscape: What Protections Exist?

Regulation is fragmented, and enforcement is uneven. Here's a snapshot of the major frameworks affecting data brokers in 2026.

Region	Key Law	Consumer Rights
European Union	GDPR	Access, deletion, portability, objection, consent requirements
United Kingdom	UK GDPR + DPA 2018	Similar to EU GDPR
California, USA	CCPA / CPRA + DELETE Act	Right to know, delete, opt out of sale; one-stop deletion request
Other US states	VA, CO, CT, TX, etc.	Varies — usually opt-out of sale and access rights
Canada	PIPEDA	Access, correction, consent
Brazil	LGPD	Similar to GDPR framework
Australia	Privacy Act 1988	Access, correction; reform underway

California's DELETE Act, fully effective in 2026, is a landmark: it requires every data broker operating in the state to register and honor a single deletion request submitted through a central state-run portal. Other jurisdictions are watching closely.

How to Remove Your Information From Data Brokers

You cannot delete every record about yourself, but you can dramatically reduce your exposure with a few hours of focused effort.

Step-by-Step DIY Removal Process

Inventory the major brokers. Start with Acxiom, Epsilon, Oracle, LexisNexis, Spokeo, BeenVerified, Whitepages, Intelius, MyLife, and Radaris.
Find each broker's opt-out page. Most are buried in privacy policies. Search "[broker name] opt out" to locate them.
Submit deletion or suppression requests. Some require ID verification; provide only what's necessary.
Track confirmations. Use a spreadsheet with broker name, date submitted, and follow-up deadline.
Re-check every 3–6 months. Brokers frequently re-list profiles after acquiring fresh data.

Paid Removal Services

Services like DeleteMe, Kanary, Optery, and Privacy Bee automate removal requests across hundreds of brokers for $100–$250 per year. They're a reasonable investment if your time is limited or your threat model is elevated (journalists, abuse survivors, public figures).

Preventing Future Data Collection

Removing existing records is only half the battle. The other half is shutting off the firehose feeding new data into the ecosystem.

Practical Daily Habits

Use a privacy-respecting browser like Brave or Firefox with tracking protection enabled.
Switch to encrypted DNS (such as Cloudflare 1.1.1.1, Quad9, or NextDNS) to block trackers at the network layer.
Install a reputable content blocker like uBlock Origin to neutralize third-party trackers and ad scripts.
Use email aliases from services like SimpleLogin, Apple Hide My Email, or Firefox Relay to compartmentalize signups.
Reduce app permissions — revoke location, contacts, and microphone access for any app that doesn't strictly need it.
Use unique short links you control when sharing content. Tools like Lunyb let you shorten URLs without exposing your data to ad-tech-heavy alternatives. You can read our honest Lunyb review or compare options in our 2026 URL shortener buyer's guide.
Pay with privacy in mind — virtual card numbers from Privacy.com or your bank prevent merchants from building purchase profiles across sites.
Opt out of loyalty programs that don't offer meaningful value, or use a dedicated alias and phone number for them.
Freeze your credit with all three bureaus to limit how often your file is pulled and sold as part of "prescreen" lists.

The Future of the Data Broker Industry

Three trends will reshape this market over the next few years:

Regulatory tightening. Expect more states and countries to pass deletion-style laws modeled on California's DELETE Act, plus stricter rules around health, location, and minors' data.
AI-driven inference. Brokers no longer need to collect a data point directly — large models can infer it from adjacent signals. This makes traditional "don't share X" advice less effective.
Privacy-preserving competitors. A growing class of services offers utility without surveillance: encrypted messengers, paid email, private analytics, and tools like Lunyb that handle links without monetizing user behavior.

The industry isn't going away, but its dominance is no longer inevitable. Each removal request, each blocked tracker, and each switch to a privacy-respecting tool chips away at the surveillance economy.

Frequently Asked Questions

Is it legal for data brokers to sell my personal information?

In most jurisdictions, yes — as long as brokers comply with applicable privacy laws. Selling data is generally legal under U.S. federal law, though state laws like CCPA, the DELETE Act, and similar frameworks in the EU, UK, Brazil, and Canada give consumers rights to access, correct, or delete their information.

How do I find out what data brokers know about me?

You can submit a Subject Access Request (SAR) under GDPR or a "right to know" request under CCPA to any broker handling your data. Major brokers like Acxiom, Experian, and LexisNexis have dedicated portals. Expect to receive a report within 30–45 days.

Will removing myself from data brokers stop targeted ads completely?

No, but it significantly reduces them. Ads also rely on real-time bidding signals from the websites you visit, so combining broker opt-outs with tracker blocking, encrypted DNS, and a private browser provides much stronger protection than any single step.

Are paid removal services worth the money?

For most people with limited time, yes. Services like DeleteMe and Optery handle hundreds of brokers and re-check quarterly, which would take dozens of hours to replicate manually. If you have an elevated threat profile, they're nearly essential.

Can data brokers track me even if I never use social media?

Absolutely. Public records, mobile app SDKs, retail purchases, and your offline activity (such as property ownership and voter registration) provide enough raw material to build a detailed profile. Avoiding social media helps, but it's not a complete shield.