Data Brokers: Who Is Selling Your Personal Information in 2026
Every day, thousands of companies you've never heard of are buying, selling, and trading your personal information. From your home address and phone number to your shopping habits, health conditions, and political views — it's all being packaged and sold in a shadowy multi-billion-dollar industry. Welcome to the world of data brokers.
This guide explains exactly who these companies are, how they build detailed profiles about you, who buys the data, and — most importantly — what you can do to protect yourself.
What Are Data Brokers?
Data brokers are companies that collect personal information about individuals from a wide variety of sources and then sell, license, or share that data with third parties. They operate largely behind the scenes, and most consumers have no direct relationship with them.
The global data broker industry is estimated to be worth over $280 billion in 2026, with thousands of firms operating across the United States, European Union, United Kingdom, and Asia-Pacific regions. Some are well-known credit bureaus like Experian and Equifax; others are obscure marketing analytics firms that most people have never heard of.
Types of Data Brokers
- Marketing data brokers — Sell consumer lists for advertising and email campaigns (e.g., Acxiom, Epsilon).
- People-search sites — Publish personal details online for anyone to look up (e.g., Spokeo, Whitepages, BeenVerified).
- Risk-mitigation brokers — Provide identity verification and fraud detection to banks and insurers (e.g., LexisNexis Risk Solutions).
- Credit bureaus — Track financial behavior and issue credit scores (Experian, Equifax, TransUnion).
- Health data brokers — Aggregate medical, prescription, and wellness data (e.g., IQVIA).
- Location data brokers — Collect and sell smartphone GPS data (e.g., Veraset, X-Mode).
How Data Brokers Collect Your Personal Information
Data brokers assemble their profiles from an enormous variety of public, semi-public, and commercial sources. You don't need to hand them anything directly — the pieces are gathered without your knowledge.
Common Sources of Broker Data
- Public records — Property deeds, court filings, marriage licenses, voter registrations, and business registrations.
- Social media — Public posts, profile details, likes, followers, and even inferred relationships.
- Loyalty programs and store cards — Every scan at the grocery store feeds a purchase-history profile.
- Mobile apps — Weather apps, games, and utilities that quietly harvest location, contacts, and device identifiers.
- Website tracking — Cookies, pixels, and fingerprinting scripts embedded across the web.
- Warranty registrations and surveys — Those "free product registration" cards go straight into marketing databases.
- Data breaches — Leaked information from hacks often ends up in commercial datasets.
- Second-party sharing — Retailers, telecoms, and financial firms sell customer data directly.
What Information Do Data Brokers Actually Have on You?
The scope of a modern broker profile is staggering. Major brokers claim to hold thousands of individual data points on hundreds of millions of consumers.
Typical Data Points in a Broker Profile
| Category | Examples of Data Collected |
|---|---|
| Identity | Full name, aliases, date of birth, SSN fragments, gender |
| Contact | Home address history, phone numbers, email addresses |
| Financial | Estimated income, credit range, home value, mortgage details |
| Household | Marital status, number of children, pet ownership |
| Behavioral | Shopping categories, brand preferences, hobbies |
| Health-adjacent | Diet preferences, fitness activity, over-the-counter purchases |
| Political/Religious | Party affiliation, donation history, faith community |
| Digital | Devices owned, browsers used, app installations, IP addresses |
| Location | Home, work, frequently visited places, travel patterns |
Who Buys Data From Data Brokers?
The customer base is broader than most people realize. Data broker clients include:
- Advertisers and marketers — For targeted ad campaigns and audience segmentation.
- Banks, insurers, and lenders — For underwriting, fraud detection, and pricing.
- Employers and background-check firms — For screening candidates.
- Political campaigns — For voter targeting and micro-messaging.
- Retailers — For personalization and price discrimination.
- Law enforcement and government agencies — Increasingly, agencies purchase broker data to sidestep warrant requirements.
- Debt collectors and legal services — For skip-tracing.
- Scammers and stalkers — Unfortunately, poorly-vetted people-search sites make this trivial.
The Biggest Data Brokers You Should Know
While thousands of brokers exist, a handful of giants dominate the industry. Understanding who they are is the first step in taking control of your data.
Major Global Data Brokers
| Company | Primary Focus | Approx. Records Held |
|---|---|---|
| Acxiom (LiveRamp) | Marketing data, identity resolution | 2.5 billion+ consumers |
| Experian | Credit + marketing data | 1 billion+ consumers |
| Equifax | Credit reporting, workforce data | 800 million+ consumers |
| LexisNexis Risk Solutions | Risk, fraud, and legal analytics | Multi-billion records |
| Epsilon (Publicis) | Email and postal marketing | 250 million+ US consumers |
| Oracle Data Cloud | Ad targeting data | 5 billion+ device IDs |
| Spokeo / BeenVerified / Whitepages | People-search publishing | Hundreds of millions of profiles |
Why This Matters: The Real-World Risks
Some people shrug this off with "I have nothing to hide." But the risks of unrestricted data brokerage are concrete and growing.
Tangible Harms From Data Broker Ecosystems
- Identity theft — Aggregated profiles give criminals everything they need to impersonate you.
- Targeted scams — Elderly relatives receive frighteningly personalized phishing calls.
- Stalking and harassment — Home addresses of judges, journalists, and abuse survivors have been sold openly.
- Discriminatory pricing — Insurance rates and loan terms can vary based on inferred traits.
- Employment discrimination — Hidden data can affect who gets hired or promoted.
- Government surveillance — Agencies buying broker data effectively bypass constitutional protections.
- Erosion of autonomy — Micro-targeted political and commercial messaging reshapes decisions in ways you never see.
The Legal Landscape: What Regulators Are Doing
Regulation is uneven across the globe, but momentum is building. Here's a snapshot of where the major jurisdictions stand in 2026.
Key Data Broker Laws Worldwide
| Region | Key Law | What It Does |
|---|---|---|
| European Union | GDPR | Requires legal basis for processing; right to access, correct, delete |
| United Kingdom | UK GDPR + Data Protection Act 2018 | Similar to EU rules, enforced by ICO |
| California, USA | CCPA / CPRA + Delete Act | Right to opt out; single-request deletion via broker registry |
| Vermont, USA | Data Broker Registration Law | Brokers must register annually and disclose practices |
| Texas, Oregon, Colorado | State broker registries | Public listing + consumer opt-out portals |
| Canada | PIPEDA (reform pending) | Consent-based; enforcement historically weak |
| Australia | Privacy Act 1988 (2024 reforms) | Expanded rights and penalties |
How to Remove Yourself From Data Broker Databases
Getting your information taken down is tedious but possible. Every major broker offers an opt-out — they just don't advertise it.
Step-by-Step: Reducing Your Data Broker Footprint
- Search yourself — Google your full name plus your city. Note every people-search site that appears.
- Submit opt-out requests — Each broker has a form (often buried in the footer). Common ones include Spokeo, Whitepages, BeenVerified, MyLife, Radaris, and Intelius.
- Send GDPR / CCPA requests — If you're in an eligible jurisdiction, you have the legal right to request full deletion.
- Use a removal service — Services like DeleteMe, Kanary, Optery, and Incogni automate opt-outs across hundreds of brokers for around $10–15 per month.
- Register with state portals — California residents can use the state's Delete Act portal for one-click removal from registered brokers.
- Repeat every 3–6 months — Data reappears as brokers refresh their databases from public records.
Preventing Future Data Collection
Cleanup is only half the battle. Cutting off the supply of new data is equally important.
Practical Privacy Habits
- Use a privacy-focused browser — Firefox with strict tracking protection, Brave, or Safari with cross-site tracking disabled.
- Switch to encrypted DNS — Providers like Cloudflare 1.1.1.1 or NextDNS block many trackers at the network level.
- Install a solid content blocker — uBlock Origin remains the gold standard.
- Audit app permissions — Revoke location, contacts, and background access from apps that don't genuinely need them.
- Use email aliases — Services like SimpleLogin, Firefox Relay, and Apple's Hide My Email prevent cross-site email tracking.
- Be careful what you shorten and share — When you share links publicly, use a reputable, privacy-conscious link shortener. Tools like Lunyb let you share URLs without piggy-backing invasive third-party tracking scripts, and you can read more in our honest review of Lunyb.
- Limit loyalty program data — Use a secondary phone number and address when signing up.
- Freeze your credit — Free at all three US bureaus; blocks new-account fraud.
- Opt out of pre-approved credit offers — Visit OptOutPrescreen.com in the US.
Comparing Data Broker Removal Services
If manual opt-outs feel overwhelming, an automated service can save dozens of hours per year. Here's how the leading options compare.
Removal Service Comparison
| Service | Brokers Covered | Starting Price | Family Plans |
|---|---|---|---|
| DeleteMe | 750+ | $10.75/mo (annual) | Yes |
| Incogni | 180+ | $7.49/mo (annual) | Yes |
| Optery | 625+ | Free tier; $3.99+/mo paid | Yes |
| Kanary | 300+ | $14.99/mo | Yes |
| Privacy Bee | 800+ | $14.75/mo (annual) | Yes |
Pros and Cons of Using a Removal Service
Pros:
- Saves 40+ hours of manual work per year
- Covers brokers you'd never discover on your own
- Ongoing monitoring catches data that reappears
- Provides reports you can show a court in stalking cases
Cons:
- You must share your personal info with yet another company
- Coverage varies — no service catches 100% of brokers
- Ongoing subscription cost
- Doesn't stop new data collection at the source
The Bigger Picture: Building a Long-Term Privacy Strategy
Fighting data brokers one at a time is like bailing water from a leaking boat. The most effective approach combines removal, prevention, and thoughtful digital hygiene over time.
Think of your data footprint in three layers: historical (what's already out there — handled by removal services and opt-outs), current (what you generate today — controlled by browser settings, app permissions, and privacy-first tools), and future (what you'll leak tomorrow — reduced by better habits and by choosing services that respect your data). If you're evaluating new online tools, our 2026 buyer's guide to URL shorteners is a useful reference for picking services that don't monetize your clicks.
Frequently Asked Questions
Is it legal for data brokers to sell my personal information?
In most countries, yes — with limits. In the EU and UK, GDPR requires a lawful basis and gives you strong deletion rights. In the US, legality varies by state: California, Vermont, Texas, Oregon, and Colorado have registration and opt-out laws, while most other states have minimal restrictions. Sensitive categories like health, biometric, and children's data face tighter rules almost everywhere.
How do I find out what data brokers have on me?
Start by submitting subject-access requests to major brokers like Acxiom, LexisNexis, Experian, and Epsilon — they're legally required to respond in the EU, UK, and California. You can also search your name on people-search sites like Spokeo and Whitepages to see what's publicly listed. Free tools like Optery's scan will identify dozens of profiles automatically.
Will removing myself from data brokers stop all tracking?
No. Removal cleans up historical records but doesn't stop new data collection. To reduce ongoing tracking you'll need to combine removal with privacy-focused browsers, encrypted DNS, content blockers, careful app permissions, and email aliases. Think of it as reducing your data footprint rather than eliminating it entirely.
How often does removed data reappear in broker databases?
Frequently. Because brokers continuously refresh their databases from public records, social media, and commercial partners, your information can reappear within 3–6 months of removal. This is why ongoing services or quarterly manual re-checks are essential rather than a one-time cleanup.
Are free data broker opt-outs as effective as paid removal services?
Free manual opt-outs work for the specific brokers you target, but they're time-consuming — a thorough manual campaign takes 40–60 hours. Paid services cover many more brokers, handle re-removal when data reappears, and provide documentation. If your threat model includes stalking, doxxing, or high-value fraud risk, a paid service is worth it. For casual privacy, manual opt-outs of the top 20 brokers cover most of the exposure.
Final Thoughts
The data broker industry thrives on obscurity. Most people have no idea that their income range, home address, medical inferences, and daily movements are being sold to the highest bidder — often to companies with little accountability. But once you understand the system, you can push back. Start with a self-search this week, opt out of the top 10 people-search sites, and adopt one new privacy habit each month. Within a year, your digital exposure will be dramatically smaller, and the data brokers will have a lot less of you to sell.
Protect your links with Lunyb
Create secure, trackable short links and QR codes in seconds.
Get Started FreeRelated Articles
AI and Privacy: What You Need to Know in 2026
AI systems now collect and infer more personal data than ever before. This 2026 guide explains the biggest privacy risks, new global regulations, and the practical steps you can take to stay in control of your information.
Online Privacy Tips for UK Residents 2026: The Complete Guide
A practical, up-to-date guide to online privacy for UK residents in 2026. Covers UK GDPR rights, browser hardening, encrypted DNS, safer link sharing, and defences against Britain's most common scams.
How Much Is Your Personal Data Worth in 2026? The Real Numbers
Your personal data is worth hundreds of dollars per year to advertisers and thousands to criminals. Here's the 2026 price list for everything from email addresses to medical records, plus how to protect what's yours.
GDPR vs CCPA: Understanding Your Privacy Rights in 2026
GDPR and CCPA are the two most influential privacy laws in the world, but they take very different approaches. This guide compares their rights, obligations, and penalties so you know exactly where you stand as a consumer or a business.