Data Brokers: Who Is Selling Your Personal Information in 2026
Every time you sign up for a newsletter, click an ad, apply for a loyalty card, or download a mobile app, an invisible economy springs into motion. Behind the scenes, thousands of companies known as data brokers are quietly collecting, packaging, and selling your personal information to advertisers, insurers, employers, political campaigns, and even government agencies. It is a multi-billion dollar industry that most consumers have never heard of, yet it profoundly shapes the ads you see, the prices you pay, and sometimes even the opportunities you are offered.
In this guide, we will unpack exactly who data brokers are, how they operate, what kinds of information they trade, and what you can do to reclaim control over your digital footprint.
What Are Data Brokers?
Data brokers are companies that specialize in collecting personal information about individuals from a wide variety of sources and then reselling that data, or insights derived from it, to third parties. They typically do not have a direct relationship with the people whose data they trade, which is what makes the industry so opaque and controversial.
The data broker industry is estimated to be worth over $250 billion globally in 2026, with major players like Acxiom, Experian, Equifax, LiveRamp, Oracle Data Cloud, and Epsilon holding dossiers on hundreds of millions of people. These profiles can contain thousands of individual data points per person, ranging from mundane demographic details to deeply sensitive information about health, finances, and behavior.
The Three Main Types of Data Brokers
- Marketing and advertising brokers: Companies like Acxiom and Epsilon that build consumer profiles used to target ads and personalize marketing campaigns.
- Risk mitigation brokers: Firms like LexisNexis and Thomson Reuters that provide data for fraud detection, identity verification, and background checks.
- People-search brokers: Public-facing sites like Spokeo, BeenVerified, and Whitepages that aggregate personal records and sell lookups to anyone with a credit card.
How Data Brokers Collect Your Personal Information
Data brokers rarely gather information directly from consumers. Instead, they aggregate data from dozens of sources, combining fragments into unified profiles through a process called data enrichment.
Common Data Sources
- Public records: Court documents, property deeds, voter registrations, marriage licenses, business filings, and bankruptcy records.
- Commercial transactions: Purchase histories from retailers, loyalty program data, warranty registrations, and subscription services.
- Online tracking: Cookies, pixels, mobile advertising IDs, and browser fingerprints that track your activity across websites and apps.
- Social media: Publicly posted profiles, connections, likes, and interests scraped from platforms.
- Mobile apps: Location data, device information, and behavioral analytics harvested from apps you install.
- Surveys and sweepstakes: Contest entries and "free" quizzes designed primarily to harvest personal details.
- Financial data: Credit bureau reports, banking relationships, and payment histories.
- Third-party sales: Data purchased from other brokers, forming a complex resale ecosystem.
What Information Do Data Brokers Sell?
The scope of data collected is staggering. A single consumer profile assembled by a large broker can contain 1,500 to 5,000 individual attributes. Below is a snapshot of the categories typically for sale.
| Category | Examples of Data Points | Typical Buyers |
|---|---|---|
| Identity | Full name, aliases, date of birth, SSN fragments, addresses | Marketers, background check firms |
| Demographics | Age, gender, ethnicity, marital status, household size | Advertisers, political campaigns |
| Financial | Estimated income, credit tier, debt levels, homeownership | Lenders, insurers, retailers |
| Health | Inferred conditions, prescription patterns, wellness interests | Pharma marketers, insurers |
| Behavioral | Purchase habits, hobbies, media consumption, brand loyalty | E-commerce, streaming services |
| Location | Home address, work address, travel patterns, GPS traces | Retailers, real estate, ad networks |
| Digital | Email addresses, device IDs, browser data, IP addresses | Ad tech, cybersecurity firms |
| Sensitive inferences | Political views, religion, sexual orientation, gambling habits | Political groups, specialized advertisers |
Who Buys This Data and Why?
The buyers of broker data are as diverse as the sources. Understanding who pays for your profile helps clarify why this information is so valuable.
Primary Buyers
- Advertisers and brands: To target campaigns with surgical precision based on demographics, interests, and buying history.
- Insurance companies: To assess risk for life, health, auto, and property policies, sometimes adjusting rates based on lifestyle inferences.
- Financial institutions: For credit decisions, fraud prevention, and marketing new products.
- Employers and landlords: To conduct background checks and screening.
- Political campaigns: To microtarget voters with tailored messaging.
- Government agencies: To supplement investigations, immigration enforcement, and tax compliance work, sometimes bypassing warrant requirements.
- Scammers and stalkers: Unfortunately, people-search sites make it trivial for bad actors to locate individuals for harassment or fraud.
The Real-World Risks of Data Brokers Selling Personal Information
The consequences of unregulated data trading go far beyond annoying targeted ads. Here are the tangible harms consumers face.
1. Price Discrimination
Retailers and service providers increasingly use broker data to show different prices to different customers. Two people shopping for the same flight or insurance policy may see wildly different quotes based on their inferred willingness to pay.
2. Identity Theft and Fraud
Data broker databases are frequent targets for hackers. The 2019 breach of the People Data Labs broker exposed 1.2 billion records. When these datasets leak, criminals gain everything they need to impersonate victims and commit financial fraud.
3. Stalking and Physical Safety
People-search sites have been implicated in numerous stalking cases. In 2020, a gunman used a broker site to find the home address of a federal judge, resulting in a fatal attack on her family. Domestic abuse survivors and public-facing professionals face particular danger.
4. Employment and Housing Discrimination
Some brokers sell "tenant screening" or "employment risk" reports that include inaccurate or misleading information, causing qualified applicants to be quietly rejected without knowing why.
5. Sensitive Category Targeting
Investigations have revealed brokers selling lists of people with dementia, HIV patients, sexual assault survivors, and even active-duty military personnel, groups that are especially vulnerable to exploitation.
The Legal Landscape in 2026
Regulation of data brokers has finally begun catching up to the industry, though enforcement remains uneven globally.
Key Regulations
- GDPR (European Union): Requires a lawful basis for processing personal data and grants residents strong rights to access, correct, and delete their information.
- CCPA and CPRA (California): Give Californians the right to know what data is collected, request deletion, and opt out of sale.
- California Delete Act (effective 2026): Creates a single portal where consumers can request deletion from all registered data brokers at once, a landmark shift.
- Vermont, Texas, and Oregon broker registries: Require data brokers to publicly register, increasing transparency.
- UK Data Protection Act and PIPEDA (Canada): Provide similar rights to GDPR with regional variations.
Despite these advances, enforcement is patchy, penalties are often modest compared to broker revenues, and many companies exploit loopholes such as claiming they only sell "anonymized" or "aggregated" data, categories that are notoriously easy to reverse-engineer.
How to Protect Yourself From Data Brokers
You cannot fully disappear from broker databases, but you can dramatically reduce your exposure. The following steps, taken systematically, will shrink your data shadow.
Step-by-Step Privacy Action Plan
- Audit your current exposure. Search your name on Google along with your city. Note which people-search sites appear.
- File opt-out requests. Every major broker offers a removal process, though many make it deliberately tedious. Start with Spokeo, BeenVerified, Whitepages, MyLife, Radaris, PeopleFinder, and Intelius.
- Use a removal service. Paid services like DeleteMe, Kanary, Optery, and Incogni automate opt-outs across hundreds of sites for $100 to $200 per year.
- Lock down your browser. Install a tracker-blocking browser like Brave or Firefox with strict privacy settings. Disable third-party cookies and use encrypted DNS services such as Cloudflare 1.1.1.1 or NextDNS.
- Minimize app permissions. Review location, contact, and advertising ID permissions on your phone. Reset your mobile advertising ID monthly.
- Use masked emails and phone numbers. Services like SimpleLogin, Firefox Relay, and Apple's Hide My Email prevent your real address from being sold.
- Be careful with links you share. When posting or sharing URLs publicly, use a privacy-respecting shortener like Lunyb that does not aggressively profile your audience for resale. You can read an honest review of Lunyb here.
- Freeze your credit. Place free freezes with Equifax, Experian, and TransUnion to prevent misuse of financial data.
- Opt out of pre-approved credit offers. Visit optoutprescreen.com to stop credit bureaus from selling your info to lenders.
- Read privacy policies before signing up. Look specifically for phrases like "share with partners," "sell to third parties," or "affiliated companies."
Choosing Privacy-Respecting Tools
Not all online tools are equal when it comes to your data. Whenever possible, choose services that publish clear privacy policies, minimize data collection, and do not monetize user information through resale. This principle extends to everyday utilities like link shorteners, cloud storage, email providers, and messaging apps.
For example, if you regularly share links on social media or in newsletters, the shortener you choose matters. Some free shorteners quietly log every click and sell the resulting behavioral data. If you are building a public brand or campaign, consider comparing options in our 2026 buyer's guide to URL shorteners or read our detailed Rebrandly review to see how enterprise-grade tools handle click data.
The Future of Data Brokerage
The next few years will be pivotal. Several trends are reshaping the industry.
- Universal opt-out mechanisms: Standards like Global Privacy Control (GPC) let browsers automatically signal opt-out preferences across every site you visit.
- Federal privacy legislation in the US: Long-delayed proposals like the American Privacy Rights Act may finally establish nationwide baseline protections.
- AI-driven inference: Machine learning enables brokers to infer sensitive attributes from innocuous data, complicating regulation.
- Data clean rooms: Advertisers and brokers are shifting to "privacy-preserving" architectures that limit raw data sharing while still enabling targeting.
- Consumer awareness: High-profile scandals and consumer education are shifting public opinion, and companies that respect privacy are increasingly gaining market advantage.
Conclusion
Data brokers selling personal information represent one of the most consequential yet least visible industries of our time. They shape decisions about your credit, insurance, employment, and even your physical safety, often without your knowledge or meaningful consent. While regulation is slowly closing the worst gaps, the burden still largely falls on individuals to protect themselves.
The good news is that meaningful action is possible. By auditing your digital footprint, filing opt-outs, using privacy-respecting tools, and staying informed about your rights, you can significantly reduce the amount of personal information circulating in the broker ecosystem. Privacy is no longer the default, but it remains achievable for those willing to take a few deliberate steps.
Frequently Asked Questions
Is it legal for data brokers to sell my personal information?
In most jurisdictions, yes, provided brokers comply with applicable laws like GDPR in Europe or the CCPA in California. However, legality varies by data type and region. Certain categories, such as medical records covered by HIPAA in the US, have stricter protections. The core issue is that consumers often have no idea their data is being sold and rarely gave meaningful consent.
How much money do data brokers make from my information?
The value of any single individual's data is small, typically ranging from a fraction of a cent to a few dollars per record depending on richness and freshness. However, brokers aggregate hundreds of millions of profiles and sell access repeatedly, which is how the industry generates over $250 billion annually.
Can I completely remove myself from all data broker databases?
Complete removal is extremely difficult because new records are constantly generated from public sources, purchases, and online activity. However, you can reduce your visibility significantly through systematic opt-outs, removal services, and privacy-conscious habits. Expect this to be an ongoing process rather than a one-time cleanup.
How do I know which data brokers have my information?
Start by checking public registries in Vermont, California, Texas, and Oregon, which list registered brokers operating in those states. Google your name plus your city to identify people-search sites. Under GDPR and CCPA, you can also submit formal "right to know" requests to any broker you suspect holds your data.
Are free data broker removal tools as effective as paid services?
Free tools and DIY methods can be effective but are extremely time-consuming, often requiring 40 or more hours to opt out from major brokers. Paid services like DeleteMe, Optery, and Incogni automate the process and continuously monitor for reappearance, which is valuable because many brokers repopulate profiles from fresh data feeds within months.
Protect your links with Lunyb
Create secure, trackable short links and QR codes in seconds.
Get Started FreeRelated Articles
Children's Online Privacy: A Parent's Complete Guide for 2026
Children's online privacy is under pressure from apps, schools, smart toys, and even well-meaning relatives. This parent's guide breaks down the laws, the real risks, and the practical steps you can take today to protect your kids' data and digital future.
GDPR vs CCPA: Understanding Your Privacy Rights in 2026
GDPR and CCPA are the world's two most influential privacy laws, but they take very different approaches. This guide explains your rights, key differences, business compliance requirements, and practical steps to protect your data online.
How to Stop AI from Tracking You Online: A Complete Privacy Guide
AI systems are scraping, profiling, and predicting your online behavior at unprecedented scale. This guide explains exactly how AI tracking works and gives you 10 practical steps to stop it — from opting out of AI training to hardening your browser and locking down social media.
Browser Fingerprinting: How Websites Track You Without Cookies
Browser fingerprinting silently identifies you online without cookies, using dozens of subtle browser and device signals. Learn how it works, who uses it, and the most effective ways to reduce your digital fingerprint in 2026.