Data Brokers: Who Is Selling Your Personal Information in 2026
Every time you browse the web, sign up for a loyalty program, or install a mobile app, an invisible economy is hard at work collecting, packaging, and reselling details about your life. The companies behind this trade are called data brokers, and in 2026 their industry is worth an estimated $400 billion globally. Most people have never heard of them, yet these firms know your home address, income range, medical conditions, political leanings, and even the route you take to work.
This guide explains exactly who these data brokers are, how they obtain your personal information, who buys it, and what you can do to push back. Whether you're a casual internet user or a privacy-conscious professional, understanding the data broker ecosystem is the first step toward reclaiming control of your digital identity.
What Are Data Brokers?
Data brokers are companies that collect, aggregate, analyze, and sell personal information about consumers, usually without their direct knowledge or explicit consent. They operate behind the scenes, building detailed profiles that can include thousands of individual data points per person.
Unlike companies you interact with directly (such as your bank or social network), data brokers rarely have a consumer-facing relationship with you. Their customers are advertisers, insurance companies, employers, political campaigns, debt collectors, law enforcement agencies, and other businesses willing to pay for granular consumer insights.
The Three Main Types of Data Brokers
- Marketing and advertising brokers — Build audience segments for targeted ads (e.g., "new parents earning $75K+ in suburban Texas").
- Risk mitigation brokers — Sell data used for fraud detection, identity verification, and background checks.
- People-search brokers — Operate public-facing sites that let anyone look up names, addresses, phone numbers, and relatives for a small fee.
Who Are the Biggest Data Brokers Selling Personal Information?
While thousands of data brokers exist worldwide, a handful of giants dominate the market. Below is a comparison of the most influential players and what they specialize in.
| Data Broker | Headquarters | Primary Focus | Estimated Profiles |
|---|---|---|---|
| Acxiom (LiveRamp) | USA | Marketing data, identity resolution | 2.5 billion+ |
| Experian | Ireland/UK | Credit data, consumer marketing | 1 billion+ |
| Equifax | USA | Credit reporting, employment data | 800 million+ |
| Oracle Data Cloud | USA | Behavioral and B2B data | 5 billion+ device IDs |
| Epsilon | USA | Marketing services, transactional data | 250 million U.S. consumers |
| CoreLogic | USA | Property and real estate data | 99% of U.S. properties |
| Spokeo / BeenVerified / Whitepages | USA | People search | Hundreds of millions |
These companies often trade and share data with one another, meaning your information may exist in dozens — or hundreds — of broker databases simultaneously.
How Do Data Brokers Collect Your Personal Information?
Data brokers acquire information from a surprisingly wide range of sources, many of which are perfectly legal. Understanding these collection methods helps explain why opting out is so difficult.
1. Public Records
Government records — including property deeds, court filings, voter registrations, marriage licenses, and business registrations — are scraped at scale. Because this information is public by law, brokers can repackage and sell it freely.
2. Commercial Sources
Retailers, magazine publishers, warranty card processors, and loyalty program operators routinely sell or share customer lists. That "free" supermarket rewards card is often a data collection device in disguise.
3. Web Tracking and Cookies
Trackers embedded on websites and in mobile apps record browsing behavior, search queries, location data, and purchase history. This data flows to brokers through advertising networks and software development kits (SDKs).
4. Social Media Scraping
Public profile information, friends lists, posts, photos, and engagement patterns are harvested using automated tools, even when platforms attempt to block scraping.
5. Mobile Apps and Location Data
Free apps — particularly weather, flashlight, gaming, and utility apps — often bundle SDKs that transmit precise location data to brokers. Some location brokers have been caught selling movement patterns of military personnel, journalists, and abuse survivors.
6. Data Breaches and the Dark Web
While reputable brokers avoid this, some firms have been linked to purchasing data leaked in breaches, which then mingles with legitimately sourced records.
What Information Do Data Brokers Actually Sell?
A typical broker profile is far more detailed than most people realize. A single record can contain anywhere from 1,500 to 10,000 individual data points. Categories typically include:
- Identifiers: Full name, aliases, date of birth, Social Security Number (in some cases), email addresses, phone numbers.
- Demographics: Race, ethnicity, religion, gender, sexual orientation, marital status, number of children.
- Financial data: Estimated income, net worth, credit score range, mortgage details, investment behaviors.
- Health inferences: Conditions like diabetes, depression, pregnancy, or addiction (inferred from purchases, searches, and prescriptions).
- Lifestyle: Hobbies, political affiliation, vehicle ownership, travel patterns, gun ownership.
- Online behavior: Websites visited, devices used, app usage, advertising IDs.
- Location history: Home, work, places of worship, doctor visits, and more.
Who Buys Data From Brokers?
The buyers of this data are diverse, and many of them may surprise you.
Advertisers and Marketers
The largest customer category. Brands use broker data to micro-target ads based on interests, life events (like moving or having a baby), and predicted purchase intent.
Financial Institutions and Insurers
Banks use broker data to pre-screen loan offers and detect fraud. Insurance companies use it to assess risk — sometimes in ways that raise serious ethical questions about discrimination.
Employers and Landlords
Background check services pull from broker databases, meaning errors in those databases can cost people jobs and housing.
Political Campaigns
Campaigns purchase psychographic data to target voters with tailored messaging — the Cambridge Analytica scandal was just the tip of this iceberg.
Government Agencies and Law Enforcement
Agencies including ICE, the FBI, and the IRS have been documented purchasing data from brokers, often to obtain information that would otherwise require a warrant.
Stalkers, Scammers, and Bad Actors
People-search sites are routinely used by stalkers, abusers, and identity thieves. For just a few dollars, someone can locate a victim's home address and daily routine.
The Real-World Risks of the Data Broker Industry
The consequences of unregulated data brokering are not theoretical. They include:
- Identity theft: Aggregated profiles give fraudsters everything they need to impersonate you.
- Discrimination: Data has been used to exclude protected groups from housing ads, job listings, and credit offers.
- Physical danger: Domestic abuse survivors, judges, journalists, and law enforcement officers have been located and harmed via broker data.
- Price discrimination: You may pay more for the same product based on your inferred income or browsing history.
- Surveillance capitalism: Constant tracking shapes the news you see, the prices you're offered, and the opportunities you're shown — often without your awareness.
Laws and Regulations: What Protections Exist?
Regulation of data brokers is patchy and varies dramatically by region.
European Union — GDPR
The General Data Protection Regulation gives EU residents the right to access, correct, and delete their personal data, and requires brokers to have a legal basis for processing. Fines can reach 4% of global annual revenue.
United States — A Patchwork
The U.S. lacks a comprehensive federal privacy law. However, California (CCPA/CPRA), Virginia, Colorado, Connecticut, Texas, and a growing list of states have enacted privacy laws giving residents opt-out rights. California and Vermont also maintain public data broker registries.
Other Regions
Brazil (LGPD), Canada (PIPEDA), the UK (UK GDPR), Australia (Privacy Act), and Japan (APPI) all provide varying levels of protection. Enforcement, however, often lags behind legislation.
How to Protect Your Personal Information From Data Brokers
You can't completely disappear from the data broker ecosystem, but you can dramatically reduce your exposure. Here's a practical, prioritized action plan.
1. Submit Opt-Out Requests
Major brokers like Acxiom, Epsilon, LexisNexis, Spokeo, and Whitepages all offer opt-out forms — though they're often buried and tedious to complete. Services like DeleteMe, Kanary, and Optery automate this process for an annual fee.
2. Minimize What You Share
- Don't fill out warranty cards or surveys with real information.
- Use a secondary email address and phone number for signups.
- Decline loyalty programs that require detailed personal data.
3. Lock Down Your Browser
Use privacy-respecting browsers (Firefox, Brave) with tracker-blocking extensions like uBlock Origin and Privacy Badger. Disable third-party cookies and clear them regularly.
4. Be Careful With Links You Share
Every time you share a raw URL, you may be exposing tracking parameters that feed broker databases. Using a privacy-focused link shortener like Lunyb strips invasive tracking from outbound links and gives you control over how clicks are measured. For a deeper look, see our honest review of Lunyb or compare alternatives in our 2026 URL shortener buyer's guide.
5. Use a VPN and Encrypted DNS
A reputable VPN hides your IP address from trackers, while encrypted DNS (DoH/DoT) prevents your ISP from logging and selling your browsing history.
6. Audit Your Mobile Apps
Delete apps you don't use. For the rest, revoke unnecessary permissions — especially location, contacts, and microphone access.
7. Freeze Your Credit
A credit freeze with the three major bureaus (Equifax, Experian, TransUnion) prevents new accounts from being opened in your name and limits how your credit data can be sold.
8. Use Privacy-Friendly Search Engines
DuckDuckGo, Startpage, and Brave Search don't profile you or sell your queries.
The Future of Data Brokering
The data broker industry is at a turning point. AI-driven profiling is making inferences more powerful — and more invasive — than ever. Meanwhile, public awareness is rising, and regulators are stepping up enforcement. In 2024, the U.S. Federal Trade Commission banned several location brokers from selling sensitive location data, signaling a tougher stance ahead.
Expect to see more state and national privacy laws, mandatory broker registries, and possibly a federal U.S. privacy bill within the next few years. Until then, the burden of protection still falls largely on individuals.
Frequently Asked Questions
Is it legal for data brokers to sell my personal information?
In most countries, yes — provided they comply with applicable privacy laws. In the EU, brokers need a lawful basis under GDPR. In the U.S., legality varies by state, but most broker activity is legal as long as opt-out rights are honored where required.
How do I find out what data brokers have on me?
You can submit data access requests under laws like GDPR or CCPA. Start with the biggest brokers (Acxiom, Experian, LexisNexis) and people-search sites (Spokeo, BeenVerified, Whitepages). Paid services like Optery and DeleteMe can scan dozens of brokers at once.
Can I completely remove myself from data broker databases?
Realistically, no. New records are constantly created from public sources, and brokers often re-add profiles months after removal. The goal is to reduce exposure significantly, not to disappear entirely.
Do free data broker removal services actually work?
Manual opt-outs are free but extremely time-consuming — expect to spend 30 to 60 hours covering the major brokers. Paid services automate the process and handle re-listings, which is why many privacy advocates consider them worthwhile.
Does using a URL shortener help protect my privacy?
It can, if the shortener is privacy-focused. Tools that strip tracking parameters, avoid third-party analytics, and let you control link expiration reduce the data trail you leave online. Generic shorteners that share data with advertisers offer little protection — choose carefully.
Final Thoughts
The data broker industry thrives on opacity. Every time you shrug off a cookie banner, install a free app, or sign up for a loyalty program, you're feeding a multi-billion-dollar machine that profits from knowing you better than you know yourself. The good news is that awareness — and regulation — are growing.
You don't need to become a digital hermit to take back control. Start with the high-impact actions: opt out of the major brokers, freeze your credit, lock down your browser, and be intentional about every piece of personal information you share. Over time, these small habits compound into meaningful privacy.
Your data is valuable. It's time to start treating it that way.
Protect your links with Lunyb
Create secure, trackable short links and QR codes in seconds.
Get Started FreeRelated Articles
Private Browsing vs VPN: What Actually Protects You Online
Private browsing modes and VPNs are often confused, but they protect very different things. This guide breaks down what each tool actually hides, what it leaves exposed, and which combination delivers real online privacy.
How to Stop AI from Tracking You Online: The Complete 2026 Privacy Guide
AI now tracks more than just clicks—it predicts your behavior, sells your data, and trains itself on your content. This complete 2026 guide explains how to stop AI tracking with 12 practical steps, the best privacy tools, and habits that actually work.
GDPR vs CCPA: Understanding Your Privacy Rights in 2026
The GDPR and CCPA are the two most influential data privacy laws in the world, but they differ significantly in scope, rights, and enforcement. This guide breaks down what each law means for consumers and businesses, and how to protect your data under both.
Children's Online Privacy: A Complete Parent's Guide for 2026
A complete parent's guide to children's online privacy in 2026. Learn about COPPA, GDPR, parental controls, safe link sharing, and how to teach kids to protect their own data — all in one practical, step-by-step resource.