Data Brokers: Who Is Selling Your Personal Information in 2026
Every time you sign up for a newsletter, swipe a loyalty card, or scroll through a website, an invisible industry is watching, recording, and packaging your behavior for sale. Data brokers are the middlemen of the modern internet economy, and most consumers have never heard of them, let alone consented to their practices. Yet these companies hold thousands of data points on nearly every adult in the developed world.
This guide explains who data brokers are, what they know about you, how they make money selling your personal information, and the concrete steps you can take to reclaim your privacy.
What Are Data Brokers?
Data brokers are companies that collect, aggregate, and sell personal information about consumers without having a direct relationship with them. Unlike Facebook or Google, which gather data from users of their own services, data brokers harvest information from hundreds of sources and resell it to marketers, insurers, employers, political campaigns, law enforcement agencies, and even other data brokers.
The U.S. Federal Trade Commission estimates that the data broker industry generates over $250 billion annually. A single broker may hold more than 1,500 data points on each individual in its database, including income, religion, health conditions, sexual orientation, political views, and daily movements.
The Three Main Types of Data Brokers
- Marketing data brokers – Sell consumer profiles to advertisers and brands (e.g., Acxiom, Epsilon, Experian Marketing Services).
- People-search sites – Publish profiles with names, addresses, phone numbers, and relatives for public lookup (e.g., Spokeo, BeenVerified, Whitepages).
- Risk and fraud brokers – Provide data to banks, insurers, landlords, and employers for background checks (e.g., LexisNexis Risk Solutions, CoreLogic, TransUnion).
How Data Brokers Collect Your Personal Information
Data brokers rarely ask permission. Instead, they harvest information from a sprawling network of public, semi-public, and commercial sources. Understanding their collection pipeline is the first step toward shutting it down.
Common Data Sources
- Public records – Voter registrations, property deeds, court filings, marriage and divorce records, business licenses.
- Commercial transactions – Loyalty programs, warranty registrations, magazine subscriptions, credit card purchase histories.
- Online behavior – Cookies, tracking pixels, mobile SDKs, browser fingerprinting, and social media scraping.
- Mobile apps – Location data sold by weather, dating, prayer, and fitness apps to data brokers like X-Mode, Cuebiq, and SafeGraph.
- Data partnerships – Banks, telecom carriers, retailers, and even some government agencies sell or share data with brokers.
- Leaked and breached databases – Some brokers ingest stolen credentials and breach data to enrich profiles.
The Biggest Data Brokers and What They Sell
The data broker industry is dominated by a handful of giants with global reach. The table below highlights the largest players, their primary business, and the types of personal information they trade.
| Data Broker | Primary Focus | Data Points Collected | Estimated Profiles |
|---|---|---|---|
| Acxiom (LiveRamp) | Marketing & identity resolution | 1,500+ per person: income, lifestyle, purchases | 2.5 billion+ |
| Experian | Credit & marketing | Credit history, demographics, household data | 1 billion+ |
| Equifax | Credit & risk | Financial records, employment, income | 820 million+ |
| LexisNexis Risk Solutions | Fraud, insurance, law enforcement | Public records, court data, location | Billions of records |
| Epsilon | Marketing & advertising | Email lists, purchase behavior, demographics | 250 million U.S. consumers |
| Oracle Data Cloud | Programmatic advertising | Online & offline behavioral data | 5 billion+ IDs |
| Spokeo / BeenVerified | People search | Names, addresses, phones, relatives, social profiles | 120+ billion records |
What Data Brokers Actually Know About You
The depth of information held by data brokers shocks most people the first time they see their own file. A typical profile sold to advertisers may include:
- Full name, current and previous addresses, phone numbers, email addresses
- Date of birth, gender, ethnicity, marital status, number of children
- Estimated income, net worth, credit score range, homeowner status
- Political affiliation, religious beliefs, charitable donations
- Health-related interests (diabetes, depression, fertility, etc.)
- Shopping categories: luxury buyer, frequent traveler, pet owner, gun owner
- Device IDs, IP addresses, browsing history, app usage
- Real-time location patterns from mobile apps
- Inferred vulnerabilities: "financially stressed," "recently bereaved," "impulsive buyer"
Some brokers categorize consumers into sensitive segments such as "rape victims," "AIDS/HIV patients," or "elderly with dementia" — categories that were exposed in U.S. Senate investigations and remain available for purchase in less-regulated markets.
Who Buys Your Information and Why
The buyer side of the data broker market is as diverse as the data itself. Knowing who pays for your profile helps explain why this industry is so resistant to reform.
Primary Buyers
- Advertisers and brands – Target ads based on lifestyle, income, and life events.
- Insurance companies – Set premiums or deny coverage based on lifestyle and health inferences.
- Banks and lenders – Approve or reject applicants and detect fraud.
- Employers and landlords – Conduct background and tenant screening.
- Political campaigns – Microtarget voters with tailored messages (Cambridge Analytica was a low-tech version of this).
- Government agencies – Law enforcement and intelligence agencies purchase data to bypass warrant requirements.
- Scammers and stalkers – Cheap people-search sites give abusers, fraudsters, and identity thieves easy access to victims.
The Real-World Harms of Data Brokering
This is not an abstract privacy issue. Documented harms from the data broker industry include:
- Discriminatory pricing – Same product, different price based on your inferred income or ZIP code.
- Insurance denials – Health and life insurers using lifestyle data to raise premiums.
- Stalking and domestic violence – Abusers using people-search sites to locate victims.
- Targeting of vulnerable groups – Predatory lenders marketing payday loans to "financially stressed" segments.
- Identity theft – Aggregated profiles make social engineering and account takeover trivial.
- Government surveillance without warrants – Agencies buying location data to track citizens.
The Legal Landscape in 2026
Regulation is finally catching up, but unevenly. Here is where the major jurisdictions stand:
| Region | Key Law | Consumer Rights |
|---|---|---|
| European Union | GDPR | Access, deletion, opt-out of sale, strong enforcement |
| United Kingdom | UK GDPR & DPA 2018 | Similar to EU GDPR |
| California, USA | CCPA / CPRA | Right to know, delete, opt out; data broker registry |
| Texas, Oregon, Vermont | State broker registries | Required registration and opt-out mechanisms |
| Canada | PIPEDA (Bill C-27 pending) | Consent-based, limited enforcement |
| Australia | Privacy Act 1988 (reform underway) | Notification and access rights |
California's Delete Act, fully in force as of 2026, requires data brokers to honor a single "delete me" request through a centralized state portal — a model other jurisdictions are now copying.
How to Protect Yourself From Data Brokers
You cannot fully disappear from the data broker ecosystem, but you can dramatically shrink your footprint. Here is a practical, prioritized action plan.
1. Opt Out of the Largest Brokers
Submit opt-out requests directly to the major brokers. Most have buried forms — search "[broker name] opt out" to find them. Priority targets:
- Acxiom, Experian, Epsilon, Oracle, LexisNexis
- People-search sites: Spokeo, BeenVerified, Whitepages, Intelius, MyLife, PeopleFinder, Radaris
2. Use a Data Removal Service
Services like DeleteMe, Incogni, Kanary, and Optery automate opt-outs across 100–500+ brokers for $50–$180 per year. For most people, the time saved is worth the cost.
3. Lock Down Your Digital Hygiene
- Use a privacy-respecting browser (Brave, Firefox with strict tracking protection).
- Install uBlock Origin and a tracker blocker like Privacy Badger.
- Use email aliases (SimpleLogin, Apple Hide My Email, DuckDuckGo Email Protection) when signing up for services.
- Use a different phone number for marketing forms (Google Voice, MySudo).
- Disable mobile advertising IDs in iOS and Android settings.
- Revoke location permissions for apps that don't need them.
4. Be Careful With Links You Share — and Click
Many tracking pixels and data-collection campaigns ride on URLs. When sharing links publicly or in marketing, use a privacy-respecting URL shortener that does not resell click data. Lunyb, for example, is built on a privacy-first model that avoids the aggressive third-party tracking embedded in some free shorteners. You can read more in our honest Lunyb review or compare alternatives in our 2026 URL shortener buyer's guide.
5. Freeze Your Credit and Lock Sensitive Records
A credit freeze with Experian, Equifax, and TransUnion is free and blocks new account fraud — one of the worst downstream effects of broker-sold data.
6. Exercise Your Legal Rights
If you live in the EU, UK, California, or another covered region, send formal access (SAR/DSAR) and deletion requests. Many brokers comply quickly because legal disputes are expensive for them.
The Future of Data Brokering
The next five years will reshape this industry. Three trends are worth watching:
- Centralized deletion portals – Following California's Delete Act, expect more one-stop opt-out systems.
- AI-powered profiling – Large language models are being used to infer sensitive traits from sparse data, making opt-outs less effective.
- Privacy-enhancing technologies – Differential privacy, on-device processing, and confidential computing may shift advertising away from raw personal data — but only if regulators force the change.
The bottom line: data brokers will not disappear, but informed consumers, smart tools, and stronger laws can flip the balance of power. Every opt-out you submit, every tracker you block, and every privacy-respecting service you choose makes the surveillance economy a little less profitable.
Frequently Asked Questions
Is it legal for data brokers to sell my personal information?
In most countries, yes — with caveats. The U.S. has no federal law banning the practice, though California, Texas, Oregon, and Vermont regulate brokers. The EU and UK require a legal basis under GDPR, which most broker activity struggles to meet, leading to ongoing enforcement actions.
How do I find out what data brokers know about me?
Submit a Subject Access Request (SAR) to major brokers like Acxiom, Experian, and LexisNexis. EU/UK residents have a legal right to a free copy within 30 days. California residents have similar rights under CCPA. Be prepared — the reports can run hundreds of pages.
Are data removal services like DeleteMe or Incogni worth it?
For most people, yes. Manually opting out of 200+ brokers takes 40+ hours and requires constant re-submission as brokers re-add your profile. Paid services automate this and typically pay for themselves in time saved within the first month.
Can I completely remove myself from data broker databases?
Realistically, no. Public records (property deeds, court filings, voter rolls) feed the ecosystem continuously, and new brokers emerge regularly. You can reduce your exposure by 80–95% with consistent effort, but full erasure is virtually impossible without going off-grid.
Do free apps really sell my location to data brokers?
Many do. Weather, dating, prayer, fitness, and even some flashlight apps have been documented selling precise GPS data to brokers like X-Mode (now Outlogic), Cuebiq, and SafeGraph. Review app permissions monthly and uninstall anything that requests location without a clear reason.
Protect your links with Lunyb
Create secure, trackable short links and QR codes in seconds.
Get Started FreeRelated Articles
Private Browsing vs VPN: What Actually Protects You Online
Private browsing and VPNs both promise privacy — but they protect against completely different threats. Learn what each actually hides, what they can't stop, and how to combine them for real online protection in 2026.
How to Stop AI from Tracking You Online: The 2026 Privacy Guide
AI now tracks far more than cookies ever did — from your behavior to your voice. This 2026 guide walks through practical steps, opt-outs, and tools to stop AI from tracking you online without giving up the internet.
GDPR vs CCPA: Understanding Your Privacy Rights in 2026
GDPR and CCPA are the world's two most influential data privacy laws, but they protect consumers in very different ways. This guide breaks down the key differences, your rights under each, and what businesses need to know to stay compliant.
Online Privacy Tips for UK Residents 2026: The Complete Guide
From UK GDPR rights to VPNs, scam awareness, and smart home security – this 2026 guide gives British residents practical, up-to-date tips for protecting their online privacy. Learn the tools, habits, and legal protections that actually work today.