facebook-pixel

Data Brokers: Who Is Selling Your Personal Information in 2026

L
Lunyb Security Team
··10 min read

Every time you browse a website, sign up for a loyalty card, install a mobile app, or click on an ad, invisible companies are quietly building a dossier about you. These companies are called data brokers, and together they form a multi-billion dollar industry dedicated to collecting, packaging, and selling your personal information — often without your explicit knowledge or consent.

This guide explains who data brokers are, what they know about you, how they make money from your data, and what you can do to take back control of your digital footprint.

What Are Data Brokers?

Data brokers are companies that collect personal information about consumers from thousands of sources and then sell, license, or share that information with third parties. They operate largely behind the scenes, with no direct relationship with the people whose data they harvest.

The global data broker market was valued at over $280 billion in 2023 and continues to grow rapidly. Major players include Acxiom, Experian, Epsilon, CoreLogic, LexisNexis, Oracle Data Cloud, and hundreds of smaller specialty brokers focused on specific niches like health data, financial profiles, or location tracking.

Types of Data Brokers

Not all data brokers are the same. The industry generally splits into four main categories:

  • Marketing and advertising brokers — Sell consumer profiles to advertisers for targeted ads.
  • People-search sites — Publicly display names, addresses, phone numbers, and relatives (e.g., Whitepages, Spokeo, BeenVerified).
  • Risk mitigation brokers — Sell data to insurers, employers, and lenders for background checks and fraud detection.
  • Financial and health data brokers — Focus on credit histories, prescription records, and other sensitive information.

What Personal Information Do Data Brokers Actually Have?

The scope of information data brokers collect is far broader than most people realize. A typical profile assembled by a major broker can contain thousands of individual data points about a single person.

Common Data Points Collected

  • Full name, aliases, and previous names
  • Current and past home addresses
  • Phone numbers and email addresses
  • Date of birth, gender, ethnicity, and religion
  • Marital status, family members, and roommates
  • Income range, net worth, and property ownership
  • Employment history and job title
  • Education level and schools attended
  • Purchase history from stores and online retailers
  • Health conditions inferred from purchases or searches
  • Political affiliation and voting history
  • Precise location data from mobile devices
  • Web browsing history and app usage
  • Social media activity and connections

Perhaps most concerning, brokers frequently assign consumers to categories with labels like “financially struggling,” “diabetic,” “recently divorced,” or “expecting a baby” — sensitive inferences that can be exploited by predatory advertisers or discriminatory algorithms.

Where Do Data Brokers Get Your Information?

Data brokers use a wide network of sources, some public and some obtained through commercial partnerships. Understanding these pipelines is the first step to closing them off.

Primary Sources of Broker Data

  1. Public records — Court filings, property deeds, voter registration, marriage and divorce records, and business licenses.
  2. Commercial transactions — Loyalty programs, warranty registrations, magazine subscriptions, and store credit applications.
  3. Mobile apps and SDKs — Free apps embed tracking libraries that harvest location, contacts, and device identifiers.
  4. Web tracking — Cookies, pixels, and browser fingerprinting collect browsing habits across the internet.
  5. Social media scraping — Public profiles, posts, and connections are automatically indexed.
  6. Data partnerships — Brokers buy and swap datasets with each other, credit bureaus, and marketing networks.
  7. Data breaches — Leaked databases from hacked companies frequently end up in broker datasets.

How Data Brokers Make Money

Data brokers monetize personal information in several ways. Their customers include advertisers, insurance companies, banks, political campaigns, government agencies, private investigators, debt collectors, and even other data brokers.

Common Revenue Streams

Product TypeWho Buys ItTypical Use Case
Audience segmentsAdvertisers, ad networksTargeting ads by lifestyle, income, or interest
Identity verificationBanks, fintechsConfirming customer identity during onboarding
Background checksEmployers, landlordsScreening applicants for risk
Risk scoringInsurers, lendersSetting premiums or approving loans
People-search listingsGeneral public, PIsLocating individuals for a fee
Location intelligenceRetail, hedge fundsAnalyzing foot traffic and consumer trends

Why Data Broker Practices Are Dangerous

The data broker economy poses concrete risks to individuals, not just abstract privacy concerns. Once your information is packaged and sold, you lose all control over how it’s used and by whom.

Real-World Harms

  • Identity theft and fraud — Detailed profiles make it easier for criminals to impersonate victims or answer security questions.
  • Stalking and harassment — People-search sites have been used to locate domestic abuse survivors, journalists, and public figures.
  • Discrimination — Employers and insurers may make decisions based on inferred health, ethnicity, or political data.
  • Predatory marketing — People labeled as “financially vulnerable” are targeted with payday loans and scams.
  • Government surveillance — Agencies have purchased data from brokers to bypass warrant requirements.
  • Phishing and social engineering — Attackers craft convincing scams using personal details from broker profiles.

The Legal Landscape Around Data Brokers

Regulation of data brokers is uneven and, in many countries, essentially nonexistent. However, a growing number of jurisdictions are starting to push back.

Key Regulations by Region

  • European Union (GDPR) — Requires consent for personal data processing and grants a “right to erasure.”
  • California (CCPA/CPRA) — Gives residents the right to know, delete, and opt out of the sale of their data. California also maintains a public data broker registry.
  • Vermont — First U.S. state to require data brokers to register with the government.
  • Texas, Oregon, and others — Have introduced similar broker registration and deletion laws.
  • Brazil (LGPD) and Canada (PIPEDA) — Provide GDPR-style protections with varying enforcement.

Despite these laws, enforcement is spotty and the industry frequently finds loopholes. Many brokers still operate freely across borders, and jurisdictional gaps make comprehensive protection difficult.

How to Protect Yourself From Data Brokers

You can’t eliminate your exposure entirely, but you can dramatically reduce it. The following steps combine one-time cleanup with ongoing habits to shrink your digital shadow.

Step-by-Step Protection Plan

  1. Audit your exposure. Search your name on Google, Spokeo, BeenVerified, and Whitepages to see what’s already public.
  2. Submit opt-out requests. Most major brokers have opt-out forms, though they’re often buried. Sites like the EFF and Privacy Rights Clearinghouse maintain updated opt-out lists.
  3. Use a paid removal service. Services like DeleteMe, Kanary, or Optery automate opt-outs across dozens of brokers for a yearly fee.
  4. Lock down your browser. Use privacy-focused browsers like Brave or Firefox with strict tracking protection enabled.
  5. Block trackers and ads. Install uBlock Origin or Privacy Badger to cut off tracking pixels and third-party cookies.
  6. Switch to encrypted DNS. Providers like Cloudflare (1.1.1.1) or NextDNS prevent your ISP and network from logging every domain you visit.
  7. Use email aliases. Services like SimpleLogin or Firefox Relay let you create burner addresses so your real email never enters broker databases.
  8. Freeze your credit. Free credit freezes at Equifax, Experian, and TransUnion block new accounts from being opened in your name.
  9. Limit mobile app permissions. Deny location, contacts, and background data access unless truly necessary.
  10. Be cautious with links. When sharing URLs, use trusted shortening services like Lunyb, which respects user privacy and doesn’t sell click data to marketing brokers. You can read our honest review of Lunyb to learn more.

Tools and Resources Worth Knowing

Tool / ServicePurposeCost
DeleteMeAutomated broker opt-outs~$129/year
OpteryBroker removal + monitoringFree tier + paid plans
SimpleLoginEmail aliasesFree / $30 year
NextDNSEncrypted DNS with blockingFree / $20 year
uBlock OriginAd and tracker blockingFree
BitwardenPassword managementFree / $10 year

The Future of the Data Broker Industry

The next few years will bring significant change to the data broker landscape. Several forces are converging that may finally shift the balance of power back toward consumers.

Key Trends to Watch

  • Stronger state-level laws. The U.S. is seeing rapid adoption of privacy laws modeled on California’s CPRA, with dozens of states following suit.
  • Federal regulation. Proposed U.S. federal privacy bills would create a nationwide baseline and potentially a public broker registry.
  • Cookie deprecation. Browsers phasing out third-party cookies are forcing brokers to rely more heavily on first-party data and identity graphs.
  • AI-driven inference. Machine learning allows brokers to infer sensitive traits from innocuous data, raising new ethical questions.
  • Consumer awareness. Growing public concern is pushing tech companies to compete on privacy, not just features.

Practical Habits for Long-Term Privacy

Beyond one-time cleanups, sustainable privacy comes from small changes to daily habits. Treat your personal information like a limited resource — spend it deliberately.

  • Never fill out non-mandatory fields on forms.
  • Say no to loyalty programs unless the benefit is worth the tracking.
  • Use different emails for shopping, finance, and social accounts.
  • Review app permissions on your phone every few months.
  • Delete accounts you no longer use — dormant accounts still leak data.
  • Read privacy policies before agreeing to major services.
  • Prefer paid tools over free ones when handling sensitive data.

If you frequently share links for work or marketing, take a look at our 2026 comparison of the best URL shorteners to find providers with strong privacy practices, and see our detailed Rebrandly review for a closer look at one popular option.

Frequently Asked Questions

How do I find out which data brokers have my information?

Start with California’s public data broker registry, which lists hundreds of companies operating in the state. You can also search your name on major people-search sites like Spokeo, Whitepages, BeenVerified, and MyLife. Removal services like Optery and DeleteMe scan dozens of brokers automatically and show you exactly where your data appears.

Is it illegal for data brokers to sell my personal information?

In most jurisdictions, no — it is generally legal, though heavily regulated in places like the EU (under GDPR) and California (under CCPA/CPRA). These laws require brokers to honor deletion requests and allow consumers to opt out of the sale of their data. In countries without strong privacy laws, brokers operate with minimal restriction.

Can I permanently remove my data from all brokers?

Permanent removal is extremely difficult because new data is constantly being generated and resold. Even after successful opt-outs, brokers often re-add profiles within months as they ingest new public records or partner data. Ongoing monitoring and repeated opt-outs are the only realistic way to keep exposure low.

Do free apps really sell my data to brokers?

Yes, this is one of the largest sources of broker data. Free mobile apps frequently embed advertising SDKs that harvest location, device identifiers, contacts, and usage patterns. This data is bundled and sold to brokers who then package it into consumer profiles. Reviewing app permissions and preferring paid, reputable alternatives significantly reduces this pipeline.

Are people-search sites the same as data brokers?

People-search sites are a specific type of data broker that publicly displays personal information — usually names, addresses, phone numbers, ages, and relatives — for anyone willing to pay. They’re only one segment of the broader broker industry, which also includes invisible players selling to advertisers, insurers, and lenders.

Conclusion

Data brokers are one of the least visible but most consequential parts of the modern internet economy. They know an astonishing amount about you, sell that knowledge to whoever will pay, and rarely face meaningful accountability. The good news is that awareness is growing, laws are strengthening, and practical tools now exist to shrink your digital footprint significantly.

Start with a quick audit today, submit opt-outs for the biggest offenders, and build a few new privacy habits into your routine. Your personal information is valuable — make sure you’re the one deciding how it’s used.

Protect your links with Lunyb

Create secure, trackable short links and QR codes in seconds.

Get Started Free

Related Articles