Data Brokers: Who Is Selling Your Personal Information in 2026
Every time you sign up for a newsletter, install an app, browse a shopping site, or even fill out a warranty card, pieces of your personal information enter a vast, largely invisible marketplace. At the center of this marketplace sit data brokers — companies whose entire business model revolves around collecting, packaging, and selling information about you to advertisers, insurers, employers, governments, and sometimes scammers. This guide explains exactly who these companies are, what they know about you, how they operate, and what you can do to take back control.
What Are Data Brokers?
Data brokers are companies that collect personal information from public records, online activity, mobile apps, loyalty programs, and third-party sources, then resell that data to other businesses. They typically have no direct relationship with the people whose data they trade, which is why most consumers have never heard of the brokers holding detailed profiles on them.
The global data broker industry is now worth over $300 billion annually and includes thousands of firms — from household names like Acxiom, Experian, and LexisNexis to obscure people-search sites and ad-tech middlemen. Some specialize in financial profiles, others in health, location, political views, or purchasing behavior.
The Three Main Types of Data Brokers
- Marketing data brokers — build consumer segments (e.g., "new parents earning $80k+") and sell them to advertisers.
- Risk-mitigation brokers — supply data to banks, insurers, and employers for fraud, credit, and background checks.
- People-search sites — publish profiles online (often with addresses and phone numbers) and monetize via subscriptions or paid removals.
What Information Do Data Brokers Actually Have?
The depth of a typical broker file is unsettling. A single profile can contain thousands of attributes, assembled from dozens of sources and refreshed continuously.
Common Data Points Collected
- Full name, current and previous addresses, phone numbers, and email addresses
- Date of birth, gender, marital status, household composition, and number of children
- Income range, estimated net worth, credit indicators, and homeownership status
- Purchase history from loyalty cards, e-commerce sites, and offline retailers
- Web browsing patterns, app usage, and search interests
- Precise location history from mobile SDKs embedded in free apps
- Health interests, prescription categories, and fitness tracker data
- Political affiliations, religious leanings, and charitable donations
- Vehicle ownership, travel patterns, and insurance claims
Reporters and researchers have repeatedly demonstrated that even "anonymized" broker datasets can be re-identified to specific individuals with as few as four data points.
How Data Brokers Collect Your Information
Brokers rarely steal data — they buy, scrape, or license it from sources you've technically agreed to, often buried in terms of service you never read.
Primary Collection Channels
- Public records: court filings, property deeds, voter rolls, marriage licenses, and business registrations.
- Commercial partners: retailers, magazine subscriptions, sweepstakes, and loyalty programs that share or sell customer lists.
- Mobile apps and SDKs: free apps (weather, games, flashlights) embed tracking code that streams location and device data to brokers in real time.
- Web tracking: cookies, pixels, fingerprinting, and bidstream data from real-time ad auctions.
- Social media scraping: public posts, likes, and connections aggregated at scale.
- Data exchanges: brokers buy and trade datasets with each other, multiplying reach.
Who Buys Your Data — And Why
The buyer side of the data broker market is broader than most people realize, extending far beyond targeted ads.
| Buyer Category | Typical Use Case | Risk to You |
|---|---|---|
| Advertisers & marketers | Targeted ads, audience segmentation | Manipulation, price discrimination |
| Insurance companies | Premium pricing, claims review | Higher rates based on lifestyle data |
| Banks & lenders | Credit decisions, fraud scoring | Loan denials from inaccurate data |
| Employers & recruiters | Background checks, hiring decisions | Job loss based on outdated info |
| Political campaigns | Voter targeting, persuasion modeling | Election interference, misinformation |
| Government agencies | Law enforcement, intelligence | Surveillance without warrants |
| Scammers & fraudsters | Phishing, identity theft, romance scams | Financial loss, harassment |
The Real-World Harms of Data Broker Activity
The consequences are no longer theoretical. Investigations over the past few years have linked broker data to stalking, doxxing, discriminatory pricing, and even physical violence.
Documented Cases of Harm
- Stalking and domestic abuse: People-search sites have published the home addresses of abuse survivors, leading to documented attacks.
- Location tracking of sensitive populations: Reporters bought commercial location data revealing visits to abortion clinics, places of worship, and military bases.
- Discriminatory pricing: Online retailers show higher prices to shoppers profiled as less price-sensitive.
- Insurance and credit denials: Inaccurate broker data has caused wrongful denials with no clear appeal process.
- Targeted scams against seniors: "Suckers lists" of vulnerable older adults are openly traded for fraud campaigns.
The Legal Landscape in 2026
Regulation is finally catching up, but enforcement remains uneven across regions.
Key Privacy Laws You Should Know
- GDPR (EU/UK): Gives residents rights to access, correct, and delete personal data, plus the right to object to profiling.
- CCPA / CPRA (California): Allows residents to opt out of the sale and sharing of personal information and request deletion.
- State laws (US): Colorado, Virginia, Texas, Oregon, and over a dozen other states now have comprehensive privacy laws.
- Data broker registries: California, Vermont, Oregon, and Texas require brokers to register publicly, making it easier to identify them.
- DELETE Act (California): Launching a one-stop deletion request system that forces all registered brokers to honor a single request.
- LGPD (Brazil), PIPL (China), POPIA (South Africa): Similar frameworks expanding globally.
How to Find Out What Data Brokers Know About You
You have more rights than you think — but exercising them takes effort.
Step-by-Step: Auditing Your Data Exposure
- Search yourself on people-search sites like Spokeo, BeenVerified, Whitepages, and Radaris. Note which ones list you.
- Check official broker registries in California and Vermont for the most complete lists of registered firms.
- Request your data from major brokers like Acxiom, Experian, LexisNexis, and Oracle Data Cloud. Most provide a free Subject Access Request form.
- Review your inbox for promotional emails — each one is a clue about which companies have your address.
- Check ad settings on Google, Meta, and your mobile operating system to see what categories you've been placed into.
How to Remove Yourself from Data Broker Lists
Removal is possible but tedious. Each broker has its own opt-out form, and many require ID verification or re-submission every few months.
Manual Removal Process
- Visit each broker's privacy or opt-out page (search "[broker name] opt out").
- Submit a deletion or do-not-sell request, citing GDPR, CCPA, or your local law.
- Verify your identity if required — use a dedicated email alias rather than your main address.
- Keep records of every request, including dates and confirmation numbers.
- Re-check every 3–6 months, since brokers often reacquire data from new sources.
Automated Removal Services
Services like DeleteMe, Kanary, Optery, and Incogni handle removal at scale for an annual fee, typically $100–$250. They cover 100–500 brokers and provide quarterly reports. For people in sensitive roles — journalists, judges, domestic abuse survivors, executives — these services are often worth the cost.
Practical Steps to Reduce Future Data Collection
Stopping the bleeding is just as important as removing existing records. The less raw material brokers can collect today, the smaller your profile becomes tomorrow.
Daily Privacy Habits That Actually Work
- Use email aliases from services like SimpleLogin, Apple Hide My Email, or Firefox Relay so each signup gets a unique address.
- Use masked phone numbers from services like MySudo or Google Voice for non-critical accounts.
- Switch to a privacy-respecting browser like Brave, Firefox with strict tracking protection, or LibreWolf.
- Enable encrypted DNS (DNS-over-HTTPS) through providers like Cloudflare 1.1.1.1 or NextDNS to block tracker domains at the network level.
- Audit app permissions monthly and revoke location, contacts, and background access wherever possible.
- Pay with virtual cards (Privacy.com, Revolut, or your bank's equivalent) to prevent purchase tracking.
- Opt out of loyalty programs that share data, or use a pseudonym where legally allowed.
- Shorten and mask links you share publicly using a privacy-respecting shortener like Lunyb, which lets you control link analytics without handing data to ad networks. You can read more in our honest Lunyb review.
- Limit social media oversharing — birthdays, employer changes, and vacation photos are gold for profilers.
Tools and Resources Worth Knowing
A combination of small habits and well-chosen tools dramatically shrinks your data broker footprint.
| Category | Recommended Tools | Purpose |
|---|---|---|
| Email aliases | SimpleLogin, Firefox Relay, Apple Hide My Email | Prevent email-based linkage |
| Encrypted DNS | Cloudflare 1.1.1.1, NextDNS, Quad9 | Block trackers network-wide |
| Browser privacy | Brave, Firefox, uBlock Origin | Stop fingerprinting and ads |
| Removal services | DeleteMe, Optery, Incogni, Kanary | Automate broker opt-outs |
| Virtual cards | Privacy.com, Revolut | Anonymize purchases |
| Privacy-first link sharing | Lunyb | Share links without ad-tech tracking |
If you regularly publish links — in newsletters, social posts, or QR codes — choosing the right shortener matters. Our 2026 buyer's guide to URL shorteners and our Rebrandly review compare the leading options on privacy, pricing, and features.
The Future of the Data Broker Industry
Three trends will shape the next few years:
- Universal opt-out signals like Global Privacy Control (GPC) are becoming legally binding in more jurisdictions, allowing one browser setting to apply across thousands of sites.
- AI-driven inference means brokers can now predict sensitive attributes (health conditions, sexual orientation, political views) from harmless-looking data, raising the stakes of every disclosure.
- Centralized deletion portals, modeled after California's DELETE Act, will likely spread internationally, making mass opt-out a single-click process within a few years.
Until that happens, privacy remains a personal responsibility — but one that's increasingly manageable with the right knowledge and tools.
Frequently Asked Questions
Are data brokers legal?
Yes, in most countries data brokers operate legally, though they must comply with applicable privacy laws like GDPR, CCPA, and emerging US state regulations. Legality doesn't mean ethical — many practices that are technically legal in one jurisdiction would be illegal in another.
How much money do data brokers make from my information?
Estimates vary, but a typical detailed consumer profile sells for between $0.10 and $5 depending on the buyer and attributes included. Across thousands of transactions per person per year, the cumulative value can reach hundreds of dollars annually — none of which goes to you.
Will removing myself from data broker sites stop all tracking?
No. Removal reduces visibility on people-search sites and limits some marketing exposure, but new data is constantly collected from apps, websites, and public records. Removal must be combined with ongoing prevention habits like encrypted DNS, email aliases, and careful app permissions.
Can data brokers sell information about children?
In the US, the Children's Online Privacy Protection Act (COPPA) restricts collection from children under 13 without parental consent, and similar rules exist under GDPR for users under 16. Enforcement is inconsistent, and teens are routinely profiled. Parents should audit app permissions and limit data-sharing apps on family devices.
Is it worth paying for a data removal service?
For most people in high-risk roles (public figures, healthcare workers, abuse survivors, executives), yes — the time savings and broader broker coverage justify the $100–$250 annual cost. For others, manual opt-outs from the top 20–30 brokers cover the highest-impact sites for free if you're willing to spend a few hours per year.
Protect your links with Lunyb
Create secure, trackable short links and QR codes in seconds.
Get Started FreeRelated Articles
How to Protect Your Privacy Online in Australia: 2026 Guide
A practical 2026 guide to protecting your privacy online in Australia. Covers the Privacy Act, locking down accounts, encrypted DNS, scam prevention, and what to do after a data breach like Optus or Medibank.
AI and Privacy: What You Need to Know in 2026
AI is now embedded in almost every digital interaction, and the privacy implications are larger than ever. This 2026 guide explains how AI collects your data, the biggest risks to watch for, current global regulations, and the practical steps you can take to stay in control.
How to Stop AI from Tracking You Online: A Complete 2026 Privacy Guide
AI systems are tracking you in ways cookies never could — through fingerprints, behavior, and content scraping. This 2026 guide breaks down exactly how to stop AI tracking with practical browser settings, opt-outs, server rules, and legal tools.
GDPR vs CCPA: Understanding Your Privacy Rights in 2026
GDPR and CCPA are the world's most influential privacy laws, but they take very different approaches. This guide compares scope, rights, consent models, fines, and compliance steps so you understand exactly how each one protects your data.