Data Brokers: Who Is Selling Your Personal Information in 2026
Every time you browse a website, sign up for a loyalty card, or download a free app, your personal information likely ends up in the hands of data brokers—companies you've never heard of that buy, package, and sell details about your life. The global data broker industry is now worth over $300 billion, and most consumers have no idea their data is being traded behind the scenes.
This guide explains exactly who data brokers are, what they know about you, who buys your information, and the concrete steps you can take to remove yourself from their databases.
What Are Data Brokers?
Data brokers are companies that collect, aggregate, analyze, and sell personal information about individuals—often without their direct knowledge or consent. They build detailed profiles by combining public records, online activity, purchase histories, and information bought from other businesses.
Unlike companies you interact with directly (like your bank or email provider), data brokers operate in the background. You never sign up for their services, yet they likely hold hundreds of data points about you, including your name, address, income range, health conditions, political views, and shopping habits.
The Three Main Types of Data Brokers
- People-search sites: Public-facing services like Spokeo, BeenVerified, and Whitepages that let anyone look up your address, phone number, and relatives.
- Marketing data brokers: Companies like Acxiom, Epsilon, and Experian Marketing Services that sell consumer profiles to advertisers.
- Risk mitigation brokers: Firms like LexisNexis and CoreLogic that sell data to insurers, lenders, and employers for background checks and risk scoring.
The Biggest Data Brokers Selling Your Personal Information
While there are over 4,000 data brokers operating globally, a handful dominate the market. Here are the largest players you should know about:
| Data Broker | Primary Business | Estimated Profiles | Annual Revenue |
|---|---|---|---|
| Acxiom (LiveRamp) | Marketing & advertising data | 2.5+ billion | $650M+ |
| Experian | Credit & marketing data | 1+ billion | $7B+ |
| Equifax | Credit & identity data | 800+ million | $5B+ |
| LexisNexis Risk Solutions | Risk & legal data | 500+ million | $2.7B+ |
| Oracle Data Cloud | Advertising data | 2+ billion | $1B+ (segment) |
| Epsilon | Marketing data | 250+ million | $2B+ |
| CoreLogic | Property & financial data | 4.5B property records | $1.6B+ |
How Data Brokers Collect Your Personal Information
Data brokers don't typically hack into systems—they legally acquire information from dozens of sources and combine them into rich profiles. Understanding their methods is the first step toward protecting yourself.
1. Public Records
Court filings, property deeds, marriage and divorce records, voter registrations, and business licenses are all scraped from government databases. These records are free to access but enormously valuable when aggregated at scale.
2. Commercial Sources
Retailers sell your purchase history. Loyalty programs share buying habits. Magazine subscriptions, charity donations, warranty registrations, and product surveys all become data points. That "free" coupon for entering your email? It's often a data collection mechanism.
3. Online Tracking
Cookies, tracking pixels, browser fingerprinting, and mobile advertising IDs follow you across the web. Every site you visit, every ad you click, and every video you watch can be logged and sold. Apps that request location permissions often resell your movement data to brokers.
4. Social Media Scraping
Public posts, profile information, friend connections, photos, and engagement patterns are systematically harvested. Even "private" posts can leak through third-party apps you've authorized.
5. Data Partnerships and Purchases
Brokers buy data from each other constantly, creating a self-reinforcing ecosystem. When one broker acquires new information, it's often resold to dozens of others within days.
What Information Data Brokers Actually Have on You
The depth of broker profiles can be unsettling. A typical adult consumer profile contains 1,500+ data points across these categories:
- Identity: Full name, aliases, date of birth, Social Security Number (in some cases), driver's license
- Contact: Current and previous addresses, phone numbers, email addresses
- Family: Spouse, children, relatives, neighbors, roommates
- Financial: Estimated income, net worth, credit score range, mortgage details, investments
- Health: Inferred conditions, prescriptions, fitness habits, insurance type
- Behavior: Shopping preferences, brands you buy, restaurants you visit, travel patterns
- Beliefs: Political affiliation, religious views, charitable causes, lifestyle interests
- Digital: Devices owned, websites visited, apps used, social media activity
Who Buys Your Personal Information?
Data brokers have a long list of customers willing to pay for detailed consumer profiles. The buyers fall into several categories:
Advertisers and Marketers
The largest segment. Brands buy targeted audience segments to deliver ads to people most likely to convert—new parents, recent home buyers, vegetarians, frequent travelers, and thousands of other niches.
Financial Institutions
Banks, lenders, and insurers use broker data for credit decisions, fraud detection, and risk scoring. This is why a single late payment can affect your offers across the entire industry.
Employers and Background Check Services
Hiring decisions increasingly involve broker-supplied background reports that go far beyond criminal history.
Political Campaigns
Campaigns purchase voter profiles enriched with consumer data to micro-target messages by neighborhood, lifestyle, and inferred political views.
Government Agencies
Law enforcement and intelligence agencies routinely buy data from brokers, sometimes bypassing the legal protections that would apply if they collected it directly.
Scammers and Bad Actors
While most brokers claim to vet buyers, investigations have repeatedly shown that scammers, stalkers, and fraudsters can purchase consumer data with minimal scrutiny—a major reason removal is so important.
The Real Risks of Data Broker Activity
Why does this matter? Beyond the creep factor, broker data fuels concrete harms:
- Identity theft: Aggregated profiles give thieves everything they need to impersonate you.
- Targeted scams: Phishing and elder fraud schemes use broker data to craft believable lures.
- Stalking and harassment: People-search sites have been used to locate domestic abuse victims and journalists.
- Discrimination: Inferred data can lead to discriminatory ad targeting in housing, employment, and credit.
- Price manipulation: Companies use your profile to charge different prices for the same product.
- Insurance and loan denials: Decisions made from inaccurate broker data are often unappealable.
How to Remove Your Data from Data Brokers
You have more rights than you might think, especially under regulations like the GDPR (Europe), CCPA/CPRA (California), and similar laws in Virginia, Colorado, Connecticut, and other states. Here's a practical removal plan:
Step 1: Identify Where Your Data Appears
Search your name in Google along with your city. Check major people-search sites: Spokeo, Whitepages, BeenVerified, MyLife, Intelius, PeopleFinder, Radaris, and FastPeopleSearch. Make a list of every site where you appear.
Step 2: Submit Opt-Out Requests
Each broker has its own opt-out process, usually buried deep in their privacy policy. You'll typically need to:
- Locate the opt-out or data deletion page
- Verify your identity (sometimes requiring a photo ID)
- Submit a removal request
- Wait 7–45 days for processing
- Re-check periodically because data often reappears
Step 3: Use Privacy Removal Services
Services like DeleteMe, Kanary, Optery, and Incogni automate removal across hundreds of brokers for a yearly fee ($100–$200). They're worth it if you value time over money.
Step 4: Exercise Your Legal Rights
If you live in a state or country with privacy laws, you can demand deletion in writing. Brokers must comply within 30–45 days. Keep records in case you need to file a complaint with regulators.
Step 5: Reduce Future Data Leakage
Removal is pointless if you keep feeding the system. Adopt these habits going forward:
- Use a privacy-focused browser (Brave, Firefox with strict tracking protection)
- Block trackers with uBlock Origin or Privacy Badger
- Avoid loyalty programs that share data, or use a dedicated email alias
- Reset your mobile advertising ID monthly
- Use email aliases (Apple Hide My Email, SimpleLogin) when signing up
- Be cautious with shortened links from unknown sources—use a privacy-respecting shortener like Lunyb when sharing your own links to avoid handing tracking data to third parties
For a deeper toolkit, see our guide on 8 tools to protect your online identity in 2026.
Privacy Laws That Protect You from Data Brokers
Regulation is finally catching up with the broker industry. Here's where things stand globally:
| Region | Law | Key Rights |
|---|---|---|
| European Union | GDPR | Right to access, delete, correct, and object to processing |
| United Kingdom | UK GDPR / DPA 2018 | Same as EU GDPR |
| California | CCPA / CPRA | Right to know, delete, opt out of sale, limit sensitive data use |
| Texas, Virginia, Colorado, others | State privacy laws | Deletion and opt-out rights |
| California (specifically) | Delete Act (2026) | Single request to delete from all registered brokers |
| Brazil | LGPD | Similar rights to GDPR |
| Canada | PIPEDA | Access, correction, withdrawal of consent |
| Australia | Privacy Act 1988 | Access and correction rights |
California's Delete Act, taking full effect in 2026, is particularly powerful—it lets residents delete their data from every registered broker with a single request via the state's Privacy Protection Agency.
The Future of Data Brokerage
The industry is evolving rapidly. AI-powered profiling is making inferences more accurate (and more invasive), while new regulations are forcing greater transparency. Expect three trends to shape 2026 and beyond:
- Centralized opt-out registries: More jurisdictions will follow California's lead with one-stop deletion mechanisms.
- Browser-level controls: Global Privacy Control (GPC) signals are becoming legally binding in more states.
- AI-driven inferences: Brokers are shifting from raw data to predictive profiles, raising questions about what counts as "personal information."
Frequently Asked Questions
Is it legal for data brokers to sell my personal information?
In most jurisdictions, yes—though that's changing fast. Brokers operate legally as long as they comply with applicable privacy laws. In the EU and California, however, they must honor deletion and opt-out requests, and selling certain sensitive data (health, biometrics, children's data) faces strict limits.
How much does a data broker profile sell for?
Individual profiles are cheap—often pennies per record when sold in bulk. Highly specific segments (e.g., "diabetic men aged 55+ in zip code 90210") can cost $0.50–$2 per record. Custom B2B audiences sometimes sell for hundreds of dollars per thousand records.
Can I find out exactly what data brokers have on me?
Yes, but it takes effort. Under GDPR and CCPA, you can submit a "data access request" to any broker and they must provide a copy of what they hold. Major brokers like Acxiom and Experian have online portals for this purpose. Expect to receive 50–500 pages of data per broker.
Will removing myself from data brokers stop targeted ads?
It will reduce them significantly but not eliminate them. Real-time bidding networks, browser fingerprinting, and contextual ads will continue. Combine broker removal with tracker blocking and email aliases for the strongest effect.
How often should I check if my data has reappeared?
Every 3–6 months. Brokers regularly re-acquire data from new sources, and your information often reappears even after successful removal. Automated services like Optery or DeleteMe handle this continuously, which is their main value proposition.
Final Thoughts
Data brokers are the invisible infrastructure of the modern surveillance economy. Most operate legally, but the volume and sensitivity of what they collect—and who they sell it to—poses real risks to your privacy, finances, and physical safety. The good news: you have more control than you think. By submitting opt-out requests, exercising your legal rights, and adopting privacy-respecting tools, you can dramatically reduce your exposure.
Privacy in 2026 isn't about going off-grid; it's about understanding the systems that profile you and pushing back where it matters most. Start with the biggest brokers, build the habit of checking quarterly, and treat your personal information like the valuable asset it is—because someone, somewhere, is already treating it that way.
Protect your links with Lunyb
Create secure, trackable short links and QR codes in seconds.
Get Started FreeRelated Articles
AI and Privacy: What You Need to Know in 2026
AI is reshaping privacy in 2026, from new global regulations to deepfakes and biometric surveillance. Learn the key risks, your legal rights, and practical steps to protect your personal data when using AI tools at home and at work.
How to Do a Personal Data Audit: The Complete 2026 Step-by-Step Guide
A personal data audit helps you discover exactly what information companies, apps, and data brokers hold about you—and lets you take it back. This complete guide walks you through the process, tools, and templates you need to audit your digital life in a single weekend.
Your Digital Footprint: What It Is and How to Control It in 2026
Your digital footprint shapes everything from job offers to fraud risk. This 2026 guide explains active vs passive footprints, how to audit yours, and 15 actionable steps to take back control of your online identity.
How Much Is Your Personal Data Worth? The 2026 Price Guide
Your personal data is bought and sold every day, but most people have no idea what it's actually worth. This guide breaks down the real market prices for everything from your email address to your medical records, and shows you how to take back control.