Data Brokers: Who Is Selling Your Personal Information in 2026
Every time you sign up for a newsletter, use a loyalty card, browse a website, or install a mobile app, someone is likely taking notes. That someone is often a data broker — a company you've probably never heard of that quietly builds detailed profiles about you and sells them to marketers, insurers, employers, political campaigns, and even government agencies. The data broker industry is estimated to be worth over $250 billion globally, yet most consumers have no idea how much of their personal information is being traded behind the scenes.
This guide explains exactly who data brokers are, what information they collect, how they profit from it, and — most importantly — what you can do to take back control of your digital identity.
What Are Data Brokers?
Data brokers are companies that collect personal information about individuals from a wide variety of sources, aggregate it into detailed profiles, and then sell or license that data to third parties. Unlike social media platforms or retailers, data brokers usually have no direct relationship with the people whose data they hold.
The industry includes household names like Acxiom, Experian, Equifax, TransUnion, Oracle Data Cloud, LexisNexis, CoreLogic, and Epsilon, along with hundreds of smaller specialized brokers. Some focus on marketing data, others on financial or health-related profiles, and a growing number specialize in "people search" websites that expose personal information in publicly searchable databases.
The Three Main Categories of Data Brokers
- Marketing and advertising brokers — sell demographic, behavioral, and lifestyle data to advertisers who want to target specific audiences.
- Risk mitigation brokers — provide data to banks, insurers, and employers for fraud detection, credit decisions, and background checks.
- People search sites — publicly display names, addresses, phone numbers, relatives, and other personal data (often to anyone with a credit card).
What Kind of Information Do Data Brokers Collect?
Data brokers build profiles that can contain hundreds — sometimes thousands — of individual data points per person. The scope is far broader than most people realize.
Common Data Points in a Broker Profile
- Identity data: full name, date of birth, aliases, Social Security or national ID numbers, driver's license information.
- Contact data: home address history, phone numbers, personal and work email addresses.
- Financial data: estimated income, credit score ranges, mortgage details, bankruptcy history, investment activity.
- Household data: family members, marital status, number of children, pets, home value.
- Behavioral data: shopping habits, brand preferences, magazine subscriptions, charitable donations.
- Digital data: browsing history, app usage, device identifiers, IP addresses, precise location trails.
- Health-adjacent data: pharmacy purchases, fitness app data, self-reported conditions from online quizzes.
- Political and religious inferences: likely voting behavior, religious affiliation, ideological leanings.
Perhaps more unsettling than the raw data is the inference. Brokers combine data points to make educated guesses — for example, tagging you as "likely diabetic," "expectant parent," "recently divorced," or "financially stressed." These inferred labels can shape the prices you see, the ads you're shown, and even the job opportunities you're offered.
Where Do Data Brokers Get Your Information?
The supply chain is enormous, and most of it operates legally. Here are the primary sources brokers rely on.
1. Public Records
Court filings, property records, marriage and divorce records, business registrations, voter rolls, and professional licenses are all fair game. Brokers scrape and index these at massive scale.
2. Commercial Transactions
Loyalty cards, warranty registrations, and purchase histories are frequently sold or shared. That "free" grocery discount card is one of the most efficient data collection tools ever invented.
3. Online Tracking
Cookies, tracking pixels, mobile SDKs, and fingerprinting scripts embedded on websites and apps feed continuous streams of behavioral data to ad-tech platforms, which then resell it.
4. Social Media and Public Profiles
Anything you post publicly — and sometimes information you thought was private — can be scraped, enriched, and packaged for sale.
5. Surveys, Quizzes, and Free Tools
"What kind of pizza matches your personality?" quizzes and free online tools are often data-collection funnels in disguise.
6. Data Partnerships and Second-Party Sharing
Companies you do business with — telecoms, airlines, retailers, insurers — often share or sell customer data through partnerships covered by lengthy terms of service.
Who Buys This Data — and Why?
The buyers are more diverse than you might think. Data broker customers include:
| Buyer Category | Typical Use Case | Risk to You |
|---|---|---|
| Advertisers & marketers | Targeted campaigns, audience modeling | Manipulative pricing, filter bubbles |
| Banks & lenders | Credit scoring, fraud detection | Being denied credit due to inaccurate data |
| Insurance companies | Underwriting, premium calculation | Higher premiums based on lifestyle inferences |
| Employers & recruiters | Background checks, sourcing | Discriminatory screening |
| Political campaigns | Voter targeting, persuasion | Manipulation of political views |
| Law enforcement & government | Investigations, surveillance | Warrantless surveillance bypass |
| Scammers & fraudsters | Identity theft, phishing | Financial loss, account takeover |
That last row is especially concerning. Investigations have repeatedly shown that criminals purchase broker data — sometimes from legitimate resellers who fail to vet buyers — to power sophisticated scams targeting the elderly, the recently bereaved, and financially vulnerable individuals.
Why the Data Broker Industry Is a Privacy Problem
Even when data brokers operate within the law, the aggregate effect on personal privacy is enormous. Here's why the industry raises serious concerns.
Consent Is Largely Fictional
Almost no one has knowingly agreed to have their profile sold. Consent is buried in terms of service, purchased through third-party partnerships, or bypassed entirely through public records scraping.
Data Is Frequently Inaccurate
Broker files often contain errors — wrong addresses, outdated employment, mistaken identities, or bad inferences. When those errors influence credit decisions or job screenings, consumers rarely know why they were rejected.
Sensitive Categories Slip Through
Data that appears innocuous individually (a pharmacy purchase, a fitness tracker reading, a website visit) can be combined to infer highly sensitive information about health, sexuality, immigration status, or political beliefs.
Breaches Are Common
Data broker breaches have exposed hundreds of millions of records — including the massive 2024 National Public Data breach that leaked Social Security numbers and address histories for a large portion of the US population.
What Laws Actually Protect You?
Regulation varies dramatically by region, and enforcement is uneven.
European Union — GDPR
The General Data Protection Regulation gives EU residents the right to access, correct, and delete personal data held by any company, including brokers. Consent must be explicit and freely given.
United States — Patchwork
The US has no comprehensive federal privacy law. Instead, state laws like the California Consumer Privacy Act (CCPA/CPRA), Virginia's VCDPA, Colorado's CPA, and Texas's TDPSA grant partial rights. California and Vermont maintain data broker registries.
United Kingdom — UK GDPR
Similar to the EU framework, with enforcement by the Information Commissioner's Office (ICO).
Canada — PIPEDA
The Personal Information Protection and Electronic Documents Act requires meaningful consent and provides access rights, though enforcement has historically been weak.
Australia — Privacy Act
The Privacy Act 1988 is under active reform to strengthen consumer rights against data brokers and grant a statutory right to sue for privacy breaches.
How to Reduce Your Exposure to Data Brokers
You can't disappear entirely, but you can dramatically reduce the amount of personal information brokers hold on you. Here's a practical plan.
1. Opt Out of Major Brokers
The biggest brokers all have opt-out processes, though they're intentionally cumbersome. Start with these:
- Acxiom (opt-out portal)
- Epsilon
- Oracle Data Cloud
- LexisNexis
- CoreLogic
- People search sites: Spokeo, BeenVerified, Whitepages, MyLife, Radaris, Intelius, PeopleFinder
Expect to repeat this process every 6–12 months, since brokers routinely re-add profiles from fresh sources.
2. Use Paid Removal Services (If You Value Time)
Services like DeleteMe, Kanary, Optery, and Incogni submit removal requests on your behalf across dozens or hundreds of brokers. They typically cost $75–$200 per year.
3. Minimize Data Collection at the Source
- Use disposable or masked email addresses for signups.
- Avoid loyalty programs, or use a dedicated phone number and email for them.
- Turn off ad personalization and mobile advertising IDs on iOS and Android.
- Block third-party cookies and use tracker-blocking browser extensions.
- Consider a privacy-focused browser like Brave, Firefox with strict tracking protection, or Safari with intelligent tracking prevention.
- Use encrypted DNS providers (like Cloudflare 1.1.1.1 for Families or NextDNS) to reduce network-level tracking.
4. Be Careful With Links and Shorteners
Many free link-shortening services log clicker data — IP addresses, device fingerprints, geolocation — and share or sell it to advertising networks. When you share links, use a privacy-respecting shortener. Lunyb is one option built with privacy in mind: it doesn't sell click data to third-party advertisers. If you want to compare the market, our 2026 URL shortener buyer's guide breaks down which services respect user data and which don't.
5. Exercise Your Legal Rights
If you live in a jurisdiction with privacy laws, use them:
- Submit a Data Subject Access Request (DSAR) to see what a broker holds.
- File a correction request for inaccurate data.
- Submit a deletion request ("right to be forgotten") where available.
- Report non-compliant brokers to your regulator (ICO, CNIL, FTC, state attorney general, OAIC, etc.).
6. Freeze Your Credit
In the US, freezing your credit at Equifax, Experian, TransUnion, and Innovis prevents new accounts from being opened in your name — a critical defense given that credit bureaus are themselves data brokers with poor security track records.
The Bigger Picture: Choosing Privacy-Respecting Services
Individual opt-outs help, but the most effective long-term strategy is to reduce your reliance on services that monetize personal data in the first place. Every time you choose a privacy-respecting alternative — a search engine that doesn't track queries, a messaging app with end-to-end encryption, a link shortener that doesn't profile your audience — you shrink the supply of raw material feeding the broker economy.
If you're a marketer, creator, or business owner sharing links at scale, your choice of tooling matters even more, because you're making a privacy decision on behalf of everyone who clicks. For a deeper look at how link-sharing platforms handle user data, see our honest review of Lunyb and our Rebrandly review for 2026.
Frequently Asked Questions
How do I find out what data brokers have on me?
Start by submitting Data Subject Access Requests to the largest brokers (Acxiom, LexisNexis, Experian, Oracle). In the EU and UK, GDPR requires them to respond within 30 days. In the US, CCPA gives California residents similar rights, and other states are catching up. You can also search your name on people search sites like Spokeo and Whitepages to see what's publicly listed.
Is it legal for data brokers to sell my information?
In most jurisdictions, yes — provided they comply with local privacy laws. The EU and UK require a lawful basis (usually consent or legitimate interest) and give consumers strong rights. The US has a patchwork of state laws with varying requirements. Selling certain categories, like precise health data or children's data, is more restricted, but enforcement gaps mean violations happen frequently.
Will opting out of data brokers actually work?
Partially. Reputable brokers honor opt-out requests, and you'll see your profile disappear from many people search sites within 2–6 weeks. However, brokers frequently re-add profiles from new data sources, so opt-outs must be repeated. Paid removal services automate this ongoing maintenance.
Are credit bureaus considered data brokers?
Yes. Equifax, Experian, and TransUnion are among the largest and most influential data brokers in the world. Beyond credit reports, they operate marketing data divisions that sell consumer profiles for advertising and risk assessment. Freezing your credit doesn't remove your data from their marketing databases — you have to opt out of those separately.
Can data brokers cause me real harm, or is this mostly annoying ads?
Real harm is well documented. Broker data has been linked to identity theft, predatory lending targeted at vulnerable people, discriminatory hiring, insurance denials, stalking, and even physical violence in cases where addresses of vulnerable individuals were exposed. Treating the issue as "just ads" significantly understates the risk.
Final Thoughts
The data broker industry thrives on invisibility. Most people don't know these companies exist, don't know what they hold, and don't know they have any rights to push back. Simply understanding the landscape — who the brokers are, how they collect data, and who buys it — is the first meaningful step toward regaining control.
You won't eliminate your digital footprint overnight, but a consistent combination of opt-outs, minimized data sharing, privacy-respecting tools, and use of your legal rights can dramatically reduce your exposure. In an economy where personal information is the product, choosing privacy is a form of quiet resistance — and it starts with knowing that the choice exists.
Protect your links with Lunyb
Create secure, trackable short links and QR codes in seconds.
Get Started FreeRelated Articles
Cookie Consent Banners: Do They Actually Protect You?
Cookie consent banners promise control over your data, but the reality is messier. We break down what they actually protect, where they fail, and what you can do beyond the banner to safeguard your privacy.
How to Protect Your Privacy Online in Australia: 2026 Guide
A practical, Australia-specific guide to protecting your privacy online in 2026. Covers local laws, common scams, account security, browsing tools, and what to do after a data breach.
How to Do a Personal Data Audit: A Complete 2026 Guide
A personal data audit helps you find, review, and clean up the information companies hold about you. This step-by-step 2026 guide shows exactly how to inventory your accounts, request your data, delete what you don't need, and keep your digital footprint small.
Children's Online Privacy Guide: A Parent's Complete 2026 Handbook
A practical children's online privacy guide for parents in 2026. Learn the laws, top threats, device settings, and habits that protect your kids' data without shutting them out of the digital world.