Data Brokers: Who Is Selling Your Personal Information in 2026
Every time you sign up for a loyalty card, install an app, or browse a news site, invisible companies are quietly recording your behavior, packaging it, and selling it to the highest bidder. These companies are called data brokers, and they form one of the largest, least-regulated industries in the world. This guide explains exactly who is selling your personal information, how the trade works, and what you can do to push back.
What Are Data Brokers?
Data brokers are companies that collect personal information about consumers from public records, online activity, purchases, and third-party sources, then sell or license that data to businesses, marketers, governments, and sometimes other brokers. They typically operate without ever interacting with you directly, which is why most people have never heard of them.
The global data broker market is estimated to be worth over $280 billion in 2026, with thousands of companies actively trading consumer profiles. Some focus on marketing data, others on risk assessment (insurance, credit, fraud), and a growing segment caters to law enforcement and intelligence agencies.
The Three Main Categories of Data Brokers
- Marketing and advertising brokers — Sell targeting data to advertisers (e.g., Acxiom, Epsilon, Oracle Data Cloud).
- Risk mitigation brokers — Provide identity verification, fraud detection, and credit data (e.g., LexisNexis, Experian, Equifax).
- People-search brokers — Publish public-facing profiles of individuals for anyone to look up (e.g., Spokeo, BeenVerified, Whitepages).
How Data Brokers Collect Your Personal Information
Data brokers rarely collect information from you directly. Instead, they vacuum up data from hundreds of upstream sources and stitch it together into a single profile linked to your name, email, phone number, or device ID.
Common Data Sources
- Public records — Voter rolls, property deeds, court filings, marriage licenses, business registrations.
- Loyalty programs and retailers — Grocery stores, pharmacies, and credit card companies sell anonymized (and often re-identifiable) purchase data.
- Mobile apps and SDKs — Free apps often embed tracking SDKs that ship location, device, and behavioral data to brokers.
- Web tracking — Cookies, pixels, and fingerprinting scripts on websites you visit.
- Social media scraping — Publicly visible posts, photos, and connections.
- Data breaches — Leaked credentials and records are often laundered back into legitimate-looking broker datasets.
- Surveys, sweepstakes, and quizzes — Those "What kind of pizza are you?" quizzes exist primarily to harvest data.
What Information Is Being Sold About You?
A single broker profile can contain hundreds — sometimes thousands — of data points. The richness of these profiles is what makes the industry so profitable and so dangerous.
| Category | Examples of Data Points |
|---|---|
| Identity | Full name, aliases, date of birth, Social Security number fragments, government IDs |
| Contact | Home address history, phone numbers, email addresses |
| Financial | Estimated income, credit tier, mortgage details, recent purchases |
| Demographic | Race, religion, language, marital status, children, education |
| Health-adjacent | Conditions inferred from purchases, pharmacy visits, wellness app data |
| Behavioral | Web browsing, app usage, purchase history, brand preferences |
| Location | Home, work, gym, places of worship, travel patterns |
| Political | Party affiliation, donation history, issue interests |
| Relationships | Spouse, children, neighbors, co-workers, known associates |
Who Buys Data from Brokers?
The buyer side of the market is just as broad as the supply side. Understanding who is on the other end of the transaction makes the stakes much more concrete.
Major Buyers of Broker Data
- Advertisers and marketers — Use audience segments to target ads across the web and connected TV.
- Banks, insurers, and lenders — Verify identity, assess risk, and price products.
- Employers and landlords — Run background checks (often without your knowledge of the underlying source).
- Political campaigns — Microtarget voters with tailored messaging.
- Law enforcement and intelligence agencies — Purchase commercial data to bypass warrant requirements.
- Debt collectors and private investigators — Locate individuals and assets.
- Scammers and stalkers — Anyone with $20 and a credit card can buy people-search reports.
The Biggest Data Brokers You've Probably Never Heard Of
While household names like Google and Meta dominate headlines, the largest data brokers operate almost entirely behind the scenes. Here are some of the most influential players in 2026.
| Broker | Primary Business | Approx. Profiles |
|---|---|---|
| Acxiom (LiveRamp) | Marketing data and identity resolution | 2.5+ billion |
| Experian | Credit, marketing, risk | 1+ billion |
| Equifax | Credit, employment verification | 800+ million |
| LexisNexis Risk Solutions | Insurance, legal, government data | 500+ million |
| Oracle Data Cloud | Advertising audience data | 2+ billion device IDs |
| Epsilon | Marketing and CRM data | 250+ million U.S. consumers |
| CoreLogic | Property and mortgage data | 4.5+ billion records |
| Spokeo / BeenVerified / Whitepages | Consumer-facing people search | Billions of records combined |
Why This Trade Is Dangerous
It is easy to dismiss data brokering as "just ads," but the real-world consequences are well documented and growing every year.
Concrete Harms
- Discrimination — Profiles have been used to exclude minorities from housing ads and steer them toward predatory loans.
- Stalking and domestic abuse — Abusers routinely use people-search sites to locate victims who have moved.
- Identity theft — Aggregated profiles give scammers everything they need to bypass security questions.
- Price discrimination — Retailers and airlines show different prices based on inferred wealth and urgency.
- Government surveillance without warrants — Agencies buy data they would otherwise need a court order to obtain.
- Insurance and employment denials — Inferred health or lifestyle data can quietly disqualify you.
- Doxxing and harassment — Journalists, activists, abortion seekers, and LGBTQ+ individuals have been targeted using broker data.
What the Law Says (and Doesn't Say)
Regulation of data brokers varies dramatically across regions, and even the strongest laws leave large gaps.
Key Regulations in 2026
- GDPR (EU/EEA) — Gives residents the right to access, correct, and delete personal data, and requires a lawful basis for processing. Enforcement against brokers is improving but inconsistent.
- CCPA / CPRA (California) — Allows residents to opt out of the sale of their data and access what brokers hold. California also maintains a public Data Broker Registry.
- State broker registries — Vermont, California, Texas, and Oregon now require brokers to register. The list is publicly searchable.
- Delete Act (California) — Will eventually allow residents to delete their data from all registered brokers with a single request.
- UK Data Protection Act — Mirrors much of GDPR post-Brexit.
- Brazil's LGPD, Canada's PIPEDA, Australia's Privacy Act — Provide varying degrees of consumer rights.
Notably, the United States still has no comprehensive federal privacy law, which is why the data broker industry is largely U.S.-based.
How to Remove Yourself from Data Brokers
You cannot fully erase yourself from the data economy, but you can dramatically shrink your footprint. Here is a practical, prioritized plan.
Step 1: Opt Out of the Major Brokers
- File opt-out requests with Acxiom, Epsilon, Oracle, LiveRamp, and LexisNexis (each has a privacy form on its site).
- Remove yourself from people-search sites: Spokeo, BeenVerified, Whitepages, Intelius, MyLife, Radaris, PeopleFinder, and TruePeopleSearch.
- Use the California or Vermont broker registries to find lesser-known brokers and submit individual requests.
Step 2: Use a Removal Service (Optional)
Services like DeleteMe, Kanary, Optery, and Incogni automate ongoing removal across hundreds of brokers for $100–$200 per year. They are not perfect but save dozens of hours.
Step 3: Reduce New Data Creation
- Use email aliases (Apple Hide My Email, SimpleLogin, Firefox Relay) when signing up for services.
- Use a secondary phone number for non-essential accounts.
- Switch to a privacy-respecting browser (Brave, Firefox with strict tracking protection) and a private search engine.
- Turn on encrypted DNS (DoH/DoT) so your network provider cannot log every domain you visit.
- Disable mobile advertising IDs in iOS and Android settings.
- Audit app permissions monthly and revoke location access for any app that does not strictly need it.
- Use shortened links you actually control — for example, branded short links from Lunyb let you share URLs without exposing tracking parameters embedded by third-party platforms. If you want to learn more, see our honest review of Lunyb.
Step 4: Lock Down Public Records Where Possible
Some jurisdictions allow address suppression for survivors of domestic violence, judges, and law enforcement. Voter roll suppression is available in several U.S. states upon request.
Step 5: Monitor and Repeat
Brokers re-acquire your data constantly. Treat removal as an ongoing process — at least every six months — not a one-time project.
What Businesses Can Do Differently
If you run a business, you are likely contributing to the broker ecosystem without realizing it. A few responsible choices make a big difference.
- Audit your ad tech stack and disable third-party data sharing where possible.
- Move from third-party trackers to first-party analytics (Plausible, Fathom, self-hosted Matomo).
- Use privacy-respecting link tools — for example, our 2026 buyer's guide to URL shorteners compares options that do not resell click data.
- Honor Global Privacy Control (GPC) signals automatically.
- Minimize data collection at the form level — every optional field is a future liability.
The Future of the Data Broker Industry
Three trends will shape the next few years. First, regulation is tightening — the EU AI Act, U.S. state privacy laws, and the FTC's increasingly aggressive enforcement are raising the cost of sloppy data handling. Second, the deprecation of third-party cookies is pushing brokers toward identity graphs based on hashed emails and phone numbers, which are arguably more invasive. Third, AI training data demand is creating a new buyer class: model developers willing to pay top dollar for behavioral datasets to fine-tune personalization and prediction systems.
The result is a market that is simultaneously more regulated and more sophisticated. Individual vigilance and ecosystem-level pressure on advertisers and platforms will both be necessary.
Frequently Asked Questions
Is it legal for data brokers to sell my personal information?
In most countries, yes — provided they comply with applicable privacy laws. In the EU, UK, and California, brokers must have a lawful basis and honor your rights to access and delete data. In most U.S. states, the trade is essentially unregulated. Selling certain categories (children's data, precise health records, some financial data) is restricted almost everywhere.
How much is my personal data worth to a broker?
Individually, very little — typically fractions of a cent per data point. The value comes from scale and combination. A complete profile with verified identity, income estimate, and recent purchase intent might sell for $0.50 to $5 to an advertiser, and significantly more to a risk or fraud product.
Can I sue a data broker for selling my information?
In limited cases, yes. California, Illinois (under BIPA for biometrics), and EU residents have private rights of action for specific violations. Most successful suits target breaches, biometric collection without consent, or violations of the Fair Credit Reporting Act when broker data is used for employment or housing decisions.
Do paid removal services actually work?
They work in the sense that they reduce your exposure significantly — often removing your profile from 90%+ of the brokers they cover. They do not work in the sense of permanent removal: brokers re-ingest data continuously, so ongoing subscription is required. For high-risk individuals (abuse survivors, public figures), they are worth the cost.
What is the single most effective step I can take today?
Submit opt-out requests to the top five people-search sites (Spokeo, BeenVerified, Whitepages, Intelius, and TruePeopleSearch). These are the brokers most often used by stalkers, scammers, and casual snoopers, and removal takes about 30 minutes total. Pair that with disabling your mobile advertising ID and switching to a tracker-blocking browser, and you will have eliminated the majority of practical risk.
Protect your links with Lunyb
Create secure, trackable short links and QR codes in seconds.
Get Started FreeRelated Articles
How to Protect Your Privacy Online in Australia: 2026 Guide
A practical 2026 guide to protecting your privacy online in Australia. Learn the local laws, top threats, and step-by-step actions to secure your accounts, devices, and personal data.
AI and Privacy: What You Need to Know in 2026
AI in 2026 collects more data about you than ever before — from voice and video to inferred emotions and predictions. This guide explains the biggest privacy risks of the AI era, the new global regulations, and 10 practical steps you can take to protect your personal information without giving up the tools you rely on.
How to Do a Personal Data Audit: A Step-by-Step Privacy Guide
A personal data audit reveals where your information lives online and helps you lock it down. This step-by-step guide walks you through inventory, breach checks, permissions, and deletion in 7 clear stages.
How Much Is Your Personal Data Worth? The Real Price Tag in 2026
Your personal data fuels a multi-trillion-dollar economy, but most people have no idea what it actually sells for. This guide breaks down the real 2026 prices on both legitimate ad markets and the dark web, reveals who is buying, and shows how to take back control.