What Is a Data Broker?
A data broker (also called an information broker or data reseller) is a company that collects personal information about individuals β often without their knowledge or direct interaction β and then sells, licenses, or trades that information to other businesses or individuals.
Data brokers collect data from an enormous variety of sources: public records, social media, loyalty programs, warranty cards, mobile apps, web tracking pixels, credit applications, and purchases from other data brokers. They aggregate this information into detailed consumer profiles and sell access to those profiles to marketers, employers, lenders, insurance companies, government agencies, private investigators, and many others.
The data broker industry is estimated to generate over $200 billion annually in the United States alone. There are thousands of data broker companies operating in the U.S., ranging from household names like Equifax, LexisNexis, and Acxiom to obscure companies most people have never heard of.
What Data Do They Collect?
The scope of data that data brokers collect is staggering. A single data broker profile might include:
Identity data: Full name, aliases, date of birth, Social Security number (often partial), current and past addresses going back decades, phone numbers, email addresses, and family relationships.
Financial data: Estimated income, net worth, property ownership, vehicle ownership, spending habits, purchase history by category, credit range indicators, and bankruptcy history.
Behavioral data: Online browsing history, search history, app usage, purchase history across thousands of retailers, magazine subscriptions, donation history, and political contributions.
Health-adjacent data: Purchases of OTC medications, health-related product categories, fitness tracker data (when sold through apps), and inferred health conditions based on purchase patterns.
Location data: Precise GPS location history from smartphones (often purchased from weather apps, games, or other apps that access location), home address, work address, and frequently visited locations.
Inferred data: Predicted political affiliation, religion, ethnicity, sexual orientation, financial stress indicators, pregnancy status, and hundreds of other "audience segments" derived from observed behavior.
The Major Players
While there are thousands of data brokers, a handful of large companies dominate the industry:
Acxiom: One of the world's largest data brokers, holding data on approximately 2.5 billion people globally. Acxiom's consumer profiles can contain 3,000+ data points per individual. They sell primarily to marketers and consumer businesses.
LexisNexis Risk Solutions: A massive aggregator of public records, court data, and identity information. Widely used by insurance companies, law firms, financial institutions, and government agencies for background checks and risk assessment.
CoreLogic: Focuses on real estate and financial data. Holds detailed property records, mortgage information, and flood/natural disaster risk scores on hundreds of millions of properties.
Spokeo, BeenVerified, Whitepages, PeopleFinder: Consumer-facing people search sites that compile public records and data broker data into searchable profiles. Anyone can pay a few dollars to look up detailed information about you.
Nielsen: Known for TV ratings, Nielsen also operates a massive consumer data business tracking purchase behavior and media consumption.
Oracle Data Cloud, Salesforce Data Studio, LiveRamp: Technology companies that operate data marketplaces, helping advertisers match their customer lists with third-party data and purchase audience segments.
How Privacy Laws Are Changing This
State privacy laws are beginning to put real constraints on data brokers, though the industry has proven remarkably adaptable:
California: The CCPA/CPRA allows California consumers to opt out of the sale of their personal information, which applies to data brokers. California also has a separate Data Broker Registry law requiring data brokers to register with the state annually and provide an opt-out mechanism. In 2024, the California Delete Act (SB 362) created a one-stop opt-out system where consumers can opt out of all registered data brokers simultaneously.
Vermont: Has had a data broker registration requirement since 2018 β the first in the nation.
Texas and Oregon: Their comprehensive privacy laws give consumers opt-out rights that apply to data broker activities.
Most other states: Even states with comprehensive privacy laws often have significant exemptions for data that is "publicly available" β which data brokers use to argue that public records-based profiles are exempt from consumer rights requests.
How to Remove Yourself from Data Brokers
Removing yourself from data broker databases is time-consuming but possible. Here's a strategic approach:
Step 1: Use California's opt-out hub (if applicable). If you're a California resident, the Delete Act's opt-out mechanism lets you submit one request to all registered data brokers simultaneously. This is the most efficient option for California residents.
Step 2: Target the aggregators first. Opting out of Acxiom, LexisNexis, Oracle BlueKai, and LiveRamp will have the largest downstream effect, as many smaller brokers source their data from these companies.
Step 3: Remove people-search profiles. Submit removal requests to Spokeo, BeenVerified, Whitepages, Intelius, PeopleFinder, MyLife, Radaris, and similar consumer-facing people search sites. This protects you from being easily found by strangers.
Step 4: Use an opt-out service. Services like DeleteMe, Privacy Bee, and Kanary automate and maintain ongoing data broker removal requests. They typically charge $100β$200/year but save significant time.
Step 5: Repeat regularly. Data brokers re-populate profiles from new public records and data purchases. Even after opting out, new information can appear. Annual or semi-annual check-ins are advisable.