Data Brokers: Who Is Selling Your Personal Information in 2026
Every time you sign up for a loyalty card, post on social media, browse a news site, or apply for a credit card, an invisible industry is taking notes. Data brokers are companies that quietly collect, package, and sell information about you—often without your knowledge or meaningful consent. In 2026, this multibillion-dollar industry remains one of the least understood threats to personal privacy.
This guide explains exactly who data brokers are, what they know about you, how they make money from your personal information, and—most importantly—what you can do to take control of your digital footprint.
What Are Data Brokers?
Data brokers are companies that collect personal information about individuals from a wide range of sources and resell it to advertisers, marketers, insurers, financial institutions, employers, governments, and even other data brokers. They typically operate without a direct relationship with the people whose data they sell.
The industry is sometimes called the "data broker ecosystem" or "information services industry." Estimates from 2025 placed its global value at over $300 billion, with thousands of firms operating worldwide. Unlike platforms like Facebook or Google—where you at least sign a terms-of-service agreement—data brokers usually have no consumer-facing product. You are the product, but you are not the customer.
The Three Main Types of Data Brokers
- Marketing and advertising brokers: Build profiles for targeted ads and consumer segmentation (e.g., Acxiom, Epsilon, Oracle Data Cloud).
- Risk mitigation and identity brokers: Sell data for fraud detection, identity verification, and background checks (e.g., LexisNexis Risk Solutions, TransUnion, Equifax).
- People-search brokers: Aggregate public records and online data into searchable profiles (e.g., Spokeo, BeenVerified, Whitepages, Intelius).
What Information Do Data Brokers Collect?
Data brokers compile dossiers that can include hundreds—sometimes thousands—of data points per person. Categories typically include:
- Identity data: Full name, aliases, date of birth, gender, Social Security number (in the U.S.), national ID numbers.
- Contact data: Home addresses (current and historical), phone numbers, email addresses.
- Demographic data: Race, ethnicity, religion, marital status, number of children, household income.
- Financial data: Credit scores, estimated net worth, mortgage details, bankruptcies, investment behavior.
- Behavioral data: Browsing history, app usage, purchase history, location patterns from mobile devices.
- Health-adjacent data: Inferred medical conditions, fitness habits, pharmacy patterns, mental health indicators.
- Lifestyle data: Hobbies, political affiliations, charitable giving, vacation patterns, pet ownership.
- Relationship data: Family members, roommates, neighbors, professional associates.
The most invasive part isn't the raw data itself—it's the inferences. Brokers use machine learning to predict things you've never disclosed: whether you're likely pregnant, depressed, about to divorce, considering a job change, or struggling financially. These predictions are then sold as "audience segments."
Where Do Data Brokers Get Your Information?
Data flows into broker databases from a surprising number of sources. Understanding these channels is the first step to reducing your exposure.
1. Public Records
Court filings, property deeds, voter registrations, marriage and divorce records, business licenses, and professional licenses are all public by law in most jurisdictions. Brokers scrape and aggregate these at scale.
2. Commercial Sources
Retailers sell loyalty program data. Magazine subscribers get sold. Warranty cards, charity donations, sweepstakes entries, and survey responses are all monetized. That "free" coupon app on your phone is almost certainly selling your purchase history.
3. Web Tracking and Mobile SDKs
Cookies, pixels, fingerprinting scripts, and software development kits (SDKs) embedded in mobile apps collect browsing behavior and precise location data. A single weather app may ship your GPS coordinates to a dozen brokers every hour.
4. Social Media Scraping
Public posts, profile photos, friend lists, and engagement patterns are harvested—sometimes in violation of platform terms, sometimes via official APIs.
5. Data Breaches and the Dark Web
Some less reputable brokers purchase or scrape data from leaked databases, then launder it into "legitimate" marketing files.
6. Other Data Brokers
Brokers buy from and sell to each other constantly, enriching their datasets through cross-matching. This is why deleting yourself from one broker barely dents your overall exposure.
The Biggest Data Brokers You've Probably Never Heard Of
Below is a snapshot of major players in the 2026 data broker landscape. Most consumers have no idea these companies exist, yet they likely have detailed files on you.
| Company | Primary Focus | Estimated Records | Headquarters |
|---|---|---|---|
| Acxiom (LiveRamp) | Marketing profiles | 2.5+ billion consumers | USA |
| Epsilon (Publicis) | Marketing and identity | 250M+ U.S. consumers | USA |
| Oracle Data Cloud | Audience segments | 5+ billion device IDs | USA |
| LexisNexis Risk Solutions | Risk and identity | Billions of records | USA/UK |
| Experian Marketing Services | Credit and marketing | 1+ billion consumers | Ireland/UK |
| Equifax | Credit and risk | 800M+ consumers | USA |
| Spokeo | People search | 12+ billion records | USA |
| BeenVerified | People search | Billions of records | USA |
| CoreLogic | Property and consumer | 4.5B+ property records | USA |
Who Buys Your Personal Information?
Data brokers serve a wide range of paying customers. Knowing who's on the buying side helps clarify why this industry is so resistant to change.
- Advertisers and marketers: The largest buyers, using profiles for targeted campaigns.
- Banks and lenders: For pre-screening loan offers and assessing creditworthiness.
- Insurers: For underwriting decisions on health, life, auto, and home policies.
- Employers and landlords: Through background-check services that draw on broker data.
- Political campaigns: For voter targeting and persuasion modeling.
- Law enforcement and government agencies: Often purchasing data they would need a warrant to obtain directly.
- Debt collectors and law firms: To locate individuals.
- Scammers and fraudsters: When data leaks or low-tier brokers fail vetting.
Why This Matters: Real-World Harms
The data broker industry isn't just abstract—it produces concrete harm.
Discrimination and Redlining
Algorithms trained on broker data have been shown to deny loans, raise insurance premiums, and exclude job applicants based on inferred ethnicity, ZIP code, or health status.
Stalking and Domestic Violence
People-search sites have repeatedly been used by abusers to locate survivors who have moved or changed names. Several U.S. states now restrict the publication of certain personal data after high-profile incidents.
Scams and Phishing
Detailed dossiers fuel hyper-personalized phishing. When a scammer knows your boss's name, your mortgage balance, and your recent purchases, the email looks far more convincing.
Surveillance
Government agencies in multiple countries purchase location and identity data from brokers to sidestep legal restrictions on warrantless surveillance. This is a documented and ongoing practice.
How to Protect Yourself From Data Brokers
You can't disappear entirely, but you can dramatically reduce your exposure with a layered approach.
1. Opt Out of Major Brokers
Most large brokers offer opt-out forms—often buried and slow to process. Priorities include Acxiom, Epsilon, Oracle, LexisNexis, Spokeo, BeenVerified, Whitepages, Intelius, and Radaris. Expect to repeat the process every 6–12 months, as data reappears.
2. Use a Data Removal Service
Services like DeleteMe, Kanary, Optery, and Incogni automate opt-outs across hundreds of brokers. They charge $100–$300 per year and are worth it for most people who value their time.
3. Exercise Your Legal Rights
If you live in the EU (GDPR), UK, California (CCPA/CPRA), Colorado, Virginia, Connecticut, Texas, or several other jurisdictions, you have the right to request access, deletion, and opt-out of sale. Use these rights aggressively.
4. Lock Down Your Devices and Browsing
- Use a privacy-focused browser (Brave, Firefox with strict tracking protection, or LibreWolf).
- Enable encrypted DNS (DNS-over-HTTPS or DNS-over-TLS) through providers like Cloudflare 1.1.1.1 or NextDNS.
- Block trackers and ads with uBlock Origin and Privacy Badger.
- Disable mobile advertising IDs in your phone settings and revoke location permissions from apps that don't need them.
5. Be Strategic About What You Share
Use unique email aliases (via SimpleLogin, Addy.io, or Apple Hide My Email) for every signup. Provide false or partial information where legally permissible. Decline loyalty programs that resell data. Use masked phone numbers when possible.
6. Protect Links You Share
When you share links on social media or in marketing campaigns, the destination URLs often leak data through query parameters and referrer headers. Privacy-respecting URL shorteners like Lunyb strip unnecessary tracking and let you control what's recorded about clicks—a useful complement to broader privacy hygiene. For a comparison of options, see our 2026 URL shortener buyer's guide.
7. Freeze Your Credit
In the U.S. and several other countries, you can place a free credit freeze with the major bureaus. This stops new accounts from being opened in your name and limits the use of credit-related broker data.
The Regulatory Landscape in 2026
Pressure on data brokers is increasing globally, though enforcement remains uneven.
| Region | Key Law | Consumer Rights |
|---|---|---|
| European Union | GDPR | Access, deletion, portability, object to processing |
| United Kingdom | UK GDPR / Data Protection Act 2018 | Similar to EU |
| California, USA | CCPA / CPRA / Delete Act | Access, deletion, opt-out of sale; one-stop deletion by 2026 |
| Other U.S. states | State privacy laws (CO, VA, CT, TX, etc.) | Access, deletion, opt-out (varies) |
| Canada | PIPEDA | Access, correction, withdraw consent |
| Australia | Privacy Act 1988 (under reform) | Access, correction; expanded rights pending |
| Brazil | LGPD | Access, deletion, portability |
California's Delete Act is particularly important: by 2026 it requires a single state-run portal allowing residents to request deletion across all registered brokers at once. Similar models are being studied in the EU and other U.S. states.
The Bottom Line
The data broker industry thrives on opacity. Most people don't know it exists, can't name the companies involved, and have no idea how detailed their personal dossiers really are. That's by design.
You won't eliminate your data footprint entirely—the public records and historical data are largely permanent—but you can significantly reduce ongoing collection, force deletions where the law allows, and limit the value of what brokers can still sell. Combine opt-outs, legal requests, browser hardening, and disciplined sharing habits, and you'll be in a much stronger position than 99% of consumers.
Privacy in 2026 is not a single product you buy. It's a set of habits, tools, and ongoing maintenance. The sooner you start, the less there is to clean up.
Frequently Asked Questions
Is it legal for data brokers to sell my personal information?
In most jurisdictions, yes—provided they comply with applicable privacy laws. Regulations like GDPR, CCPA/CPRA, and similar state laws require disclosure, opt-out mechanisms, and limits on sensitive data, but they don't ban the industry outright. Enforcement is improving but inconsistent.
How much money do data brokers make from selling my data?
Individually, your data is cheap—often fractions of a cent per data point. But brokers sell to millions of customers across billions of records, generating an industry worth more than $300 billion annually. The value comes from scale and the combination of attributes, not any single record.
Can I completely remove myself from data broker databases?
Not entirely. Public records, historical data, and constant re-collection from new sources mean some information will always exist. However, you can remove yourself from most people-search sites and significantly reduce marketing-database exposure through opt-outs, legal requests, and removal services.
How often should I repeat opt-out requests?
At least every 6 to 12 months. Brokers frequently re-add profiles after acquiring new data sources, mergers, or database refreshes. Automated removal services handle this cycle for you, which is why many privacy-conscious users find them worth the subscription cost.
Are free people-search opt-outs effective?
They work for the specific site you opt out of, but only temporarily and only for that broker. Because the ecosystem includes hundreds of interconnected companies, removing yourself from one site has limited overall impact. A systematic, ongoing approach—either manual or through a paid service—is far more effective.
Protect your links with Lunyb
Create secure, trackable short links and QR codes in seconds.
Get Started FreeRelated Articles
Browser Fingerprinting: How Websites Track You Without Cookies
Browser fingerprinting lets websites track you without cookies by collecting dozens of subtle device and browser signals. Learn how it works, what data is collected, and the practical steps to shrink your unique fingerprint and protect your privacy.
How to Do a Personal Data Audit: A Step-by-Step 2026 Guide
A personal data audit helps you find, control, and reduce the personal information companies and data brokers have on you. This step-by-step guide shows you exactly how to inventory accounts, check for breaches, opt out of brokers, and build privacy habits that stick.
Online Privacy Tips for UK Residents 2026: The Complete Guide
From passkeys and encrypted DNS to UK-specific scams and your rights under the Data (Use and Access) Act 2025, this guide collects the most practical online privacy tips for UK residents in 2026. Learn how to lock down accounts, harden your browser, and respond to data breaches.
Cookie Consent Banners: Do They Actually Protect You?
Cookie consent banners promise privacy protection, but how much do they actually deliver? This guide breaks down what cookie banners legally require, where they fail through dark patterns and consent fatigue, and the practical steps that genuinely safeguard your data.