Data Brokers: Who Is Selling Your Personal Information in 2026

Every time you sign up for a loyalty card, install a free app, or browse a news website, your personal information is quietly being harvested, packaged, and sold. The buyers? A multi-billion-dollar industry of data brokers most consumers have never heard of. These companies build detailed profiles on virtually every adult in the developed world, then sell that information to advertisers, insurers, employers, political campaigns, and sometimes scammers.

This guide explains exactly who data brokers are, what they know about you, how they make money, and what you can do to take back control of your personal information.

What Are Data Brokers?

Data brokers are companies that collect, aggregate, analyze, and sell personal information about consumers without having a direct relationship with them. Unlike a bank or retailer you knowingly do business with, data brokers operate behind the scenes, purchasing information from thousands of sources and resold it to anyone willing to pay.

The U.S. Federal Trade Commission estimates the data broker industry generates more than $240 billion globally each year. Major players include Acxiom, Experian, Equifax, LexisNexis, Oracle Data Cloud, Epsilon, CoreLogic, and hundreds of smaller specialized firms targeting niches like healthcare, real estate, or political affiliation.

The Three Main Types of Data Brokers

Marketing data brokers — Sell consumer profiles to advertisers for targeted campaigns (e.g., Acxiom, Epsilon).
Risk mitigation brokers — Provide identity verification and fraud detection to banks, insurers, and landlords (e.g., LexisNexis, ID Analytics).
People-search brokers — Offer public records, addresses, and phone numbers via consumer-facing websites (e.g., Spokeo, Whitepages, BeenVerified).

What Information Do Data Brokers Collect?

The scope of data broker collection is staggering. A single profile can contain thousands of attributes spanning your finances, health, behavior, relationships, and movements. Here's a breakdown of typical categories.

Common Data Points Sold by Brokers

Category	Examples	Typical Source
Identity	Full name, aliases, date of birth, SSN fragments	Public records, credit bureaus
Contact	Address history, phone numbers, email addresses	Utility records, voter rolls
Financial	Estimated income, credit tier, debts, investments	Credit headers, loan applications
Demographic	Age, gender, ethnicity, religion, language	Census, surveys, social media
Behavioral	Purchase history, web browsing, app usage	Cookies, loyalty programs, SDKs
Health	Conditions inferred from purchases, pharmacy data	Coupon sites, wellness apps
Location	Home, work, frequented places, travel patterns	Mobile app SDKs, Wi-Fi tracking
Relationships	Spouse, children, neighbors, coworkers	Social networks, public records
Political	Party affiliation, donation history, issue interest	Voter files, petition signatures

How Do Data Brokers Get Your Information?

Data brokers acquire information through a combination of public records, commercial partnerships, and online tracking. Most consumers are shocked to learn how many of their everyday actions feed the system.

Primary Collection Channels

Public records — Court filings, property deeds, marriage licenses, voter registrations, and business registrations are scraped systematically.
Commercial transactions — Retailers, magazines, and warranty programs sell customer lists. Loyalty cards link your purchases to your identity.
Online tracking — Cookies, browser fingerprinting, pixel tags, and mobile advertising IDs follow you across thousands of websites and apps.
Mobile app SDKs — Free apps embed software development kits that quietly transmit location, contacts, and usage data to brokers.
Social media scraping — Public profiles, posts, and connections are harvested at scale.
Data partnerships — Brokers trade and merge datasets, exponentially enriching each profile.
Surveys and sweepstakes — That "free iPhone giveaway" exists primarily to collect demographic data.

Who Buys Data From Brokers?

The customer base for data brokers is far broader than most people realize, and it extends well beyond targeted advertising.

Typical Buyers and Their Use Cases

Advertisers and marketers — Build lookalike audiences and personalize ads across platforms.
Banks and lenders — Assess creditworthiness and detect fraud before approving loans.
Insurance companies — Set premiums based on lifestyle, location, and risk factors.
Employers and landlords — Run background checks before hiring or renting.
Political campaigns — Micro-target voters with tailored messaging.
Law enforcement and government — Purchase commercial data to bypass warrant requirements in some jurisdictions.
Debt collectors and skip tracers — Locate individuals who have moved.
Scammers and stalkers — Unfortunately, low-tier people-search sites are routinely used to facilitate fraud and harassment.

The Real-World Risks of Data Broker Activity

The consequences of unchecked data brokerage extend far beyond annoying ads. Profiles assembled and sold by these companies can affect your finances, safety, and opportunities in life.

Documented Harms

Identity theft — Aggregated profiles give criminals everything needed to impersonate you.
Discriminatory pricing — Studies show online retailers and insurers charge different prices based on inferred demographics.
Stalking and domestic abuse — Abusers routinely use people-search sites to locate victims who have relocated.
Phishing and scam targeting — Elderly individuals are deliberately profiled and sold to scammers as "suckers lists."
Employment discrimination — Inferred health conditions or political views can quietly influence hiring decisions.
Insurance denial — Wellness data scraped from apps has been used to raise premiums.
Loss of anonymity — Even "anonymized" datasets can be re-identified with as few as three data points (ZIP code, birthdate, gender).

Data Broker Regulation Around the World

Regulatory approaches to data brokers vary dramatically by region. Knowing your rights is the first step to enforcing them.

Major Privacy Laws Affecting Data Brokers

Region	Law	Key Rights for Consumers
European Union	GDPR	Right to access, delete, and object to processing
United Kingdom	UK GDPR + DPA 2018	Same as EU GDPR with UK-specific oversight
California, USA	CCPA / CPRA	Right to know, delete, opt out of sale; mandatory broker registry
Vermont, USA	Data Broker Law	Brokers must register publicly
Texas & Oregon, USA	State broker registries	Public registration and disclosure requirements
Canada	PIPEDA	Consent and access rights, with reform underway
Australia	Privacy Act 1988	Access, correction, complaint to OAIC
Brazil	LGPD	Similar to GDPR, including deletion rights

In 2024 the California Privacy Protection Agency launched the DROP (Delete Request and Opt-Out Platform), which by 2026 will allow Californians to submit a single deletion request that all registered data brokers must honor — a global first.

How to Remove Your Information From Data Brokers

Removing yourself from data broker databases is tedious but absolutely possible. Here's a proven step-by-step approach.

Step-by-Step Opt-Out Process

Create a dedicated email address — Use it only for opt-out correspondence so brokers can't link it to your main identity.
Start with the biggest brokers — Acxiom, Epsilon, LexisNexis, Oracle, CoreLogic, and Experian Marketing Services all offer opt-out forms.
Tackle people-search sites — Spokeo, Whitepages, BeenVerified, MyLife, Radaris, Intelius, PeopleFinder, and 50+ others each require individual removal.
Submit GDPR/CCPA requests — If you're in an eligible region, send formal deletion requests citing the relevant law.
Suppress your address in public records — Many U.S. states offer address confidentiality programs for survivors of stalking or domestic violence.
Repeat every 3–6 months — Brokers re-acquire your information from public records, so opt-outs are not permanent.
Consider a paid service — Tools like DeleteMe, Kanary, Optery, and Incogni automate removal from 100–700 brokers for $100–$300 per year.

Recommended Opt-Out Priority List

Acxiom — isapps.acxiom.com/optout
Epsilon — epsilon.com/consumer-information-privacy
Oracle Data Cloud — oracle.com/legal/privacy/marketing-cloud-data-cloud-privacy-policy.html
LexisNexis — optout.lexisnexis.com
CoreLogic — corelogic.com/privacy
Spokeo, Whitepages, BeenVerified, MyLife, Radaris, Intelius

How to Reduce What Brokers Collect Going Forward

Opting out is only half the battle. Reducing the flow of new data into broker hands is equally important.

Practical Privacy Hygiene

Use a privacy-focused browser — Brave, Firefox with strict tracking protection, or Safari with Intelligent Tracking Prevention.
Block trackers at the DNS level — Services like NextDNS, Pi-hole, or Control D stop ad-tech requests before they leave your network.
Reset advertising IDs monthly — Both iOS and Android allow this in settings.
Limit app permissions — Especially location, contacts, and microphone access.
Use email aliases — Services like SimpleLogin, Apple Hide My Email, or Firefox Relay prevent cross-site identity linking.
Mask shared links — When sharing URLs publicly or in marketing, a privacy-respecting shortener such as Lunyb avoids leaking referrer data and tracking parameters that can be aggregated by brokers. You can read our independent breakdown in our honest Lunyb review.
Pay with privacy-preserving methods — Virtual cards from Privacy.com or your bank limit purchase tracking.
Avoid loyalty cards tied to your real identity, or use a fake name/throwaway email.

The Future of the Data Broker Industry

Several major shifts are reshaping the data broker landscape heading into 2026 and beyond:

The death of third-party cookies — Chrome is finally phasing them out, pushing brokers toward server-side tracking and first-party data partnerships.
State-level U.S. legislation — More than 20 states now have or are drafting comprehensive privacy laws modeled after California.
Federal scrutiny — The FTC has banned several brokers from selling sensitive location data, and the CFPB is rewriting rules to classify credit-header data as a consumer report.
AI-driven inference — Even when explicit data is removed, AI models can infer sensitive attributes from innocuous behavioral signals, creating new privacy challenges.
Universal opt-out signals — Global Privacy Control (GPC) browser signals are now legally binding in California and several other states.

For a deeper look at how marketing tools handle tracking responsibly, see our 2026 buyer's guide to URL shorteners and our in-depth Rebrandly review.

Frequently Asked Questions

Is it legal for data brokers to sell my personal information?

In most countries, yes — provided the broker complies with applicable privacy laws. In the EU, UK, Brazil, and California, brokers must have a legal basis and honor your rights to access and deletion. In much of the rest of the U.S., the practice remains largely unregulated, although a growing number of states require brokers to register publicly.

How much is my personal data worth?

Individually, surprisingly little — a typical consumer profile sells for fractions of a cent in real-time advertising auctions. However, more detailed packages (such as health condition lists or high-net-worth individuals) can sell for $0.50 to several dollars per record. The industry's profitability comes from selling billions of records at massive scale.

Can I really remove myself from every data broker?

You can remove yourself from the vast majority of consumer-facing people-search sites and major marketing brokers, but complete removal is practically impossible because new brokers emerge constantly and public records continuously feed the ecosystem. Most experts recommend treating opt-outs as ongoing maintenance rather than a one-time project, or using a paid removal service to automate it.

Do paid data removal services actually work?

Reputable services like DeleteMe, Optery, Kanary, and Incogni do successfully remove information from 100–700 brokers and re-scan regularly. Independent tests show they remove 60–90% of public listings within a few months. They cannot, however, address brokers that don't offer opt-outs or sensitive data held by credit bureaus and government records.

What's the single most effective step I can take today?

Submit opt-out requests to the top five aggregator brokers — Acxiom, Epsilon, Oracle Data Cloud, LexisNexis, and CoreLogic — because they supply data to hundreds of downstream buyers. Combined with enabling Global Privacy Control in your browser and limiting mobile app permissions, this single afternoon of effort meaningfully reduces your exposure across the entire ecosystem.

Final Thoughts

Data brokers operate one of the largest, least visible industries in the modern economy. While you can't disappear from their databases entirely, every opt-out you submit, every tracker you block, and every privacy-aware tool you adopt makes your profile less valuable and less complete. Privacy isn't an all-or-nothing proposition — it's a continuous practice. Start with the steps in this guide, repeat them annually, and you'll reclaim far more control than the industry would like you to think is possible.