What is a data broker?
A data broker collects and sells, licenses, or makes available personal information about consumers they don’t directly interact with.
Your personal information is big business for data brokers. These companies collect, categorize, and sell personal information on billions of people. The data broker industry was valued at $264 billion in 2023 and is expected to grow to $471 billion by 2032¹. Even though the industry is so large, it’s not at the forefront of most consumers’ minds.
In this article, we’ll cover what a data broker is, what types of information it collects, and what happens to your information. We’ll also show you what you can do to keep your data safe.
Key Points
- Data brokers can collect information from a variety of public and private sources, including government records, public databases, and commercial entities.
- Only a handful of states in the U.S. have specific regulations for data brokers — California, Oregon, Texas, and Vermont
- Using a tool like Mozilla Monitor Plus can help you proactively remove some information from data broker sites.
What is a data broker (and why should you care)?
A data broker, also called an information broker, is a company that indirectly obtains personal information about consumers and sells, licenses, or otherwise makes it available to other entities. Buyers of brokered personal information use it for various purposes such as targeted advertising, generating leads, or building profiles for people search services.
Any time you create an account or start a rewards program online, there’s a chance your information could end up in the hands of a data broker. This matters because the majority of the public is unaware of companies profiting from their personal information, and because almost anyone can purchase data from data brokers for whatever reason.
What does a data broker do?
In the information age, your personal information is like currency. Companies pay good money to access consumer profiles that include names, email addresses, physical addresses, phone numbers, and other personal facts. Let’s take a look at the types of consumer data points these brokers aggregate and what happens to them.
Types of personal information that data brokers collect
Data brokers scour information from a variety of public and private sources to build your profile, such as:
- Local, state, and federal government records: Professional licenses, recreational licenses, property records, voter information and registries, DMV records, court records
- Public sources: Social media, blogs, directories, business listing sites, websites that allow crawlers
- Commercial sources: Purchase information, registration websites, location and other data from mobile apps, credit bureaus, utility companies, web browser data, surveys, contests
The next time you’re offered a free rewards program, think twice. Most likely, your personal information is a business asset that the company wants.
What happens to your personal data after it’s collected?
A single data broker may get bits of your information from dozens of sources. Then, it catalogs that data and builds a profile. It may sell that profile as-is or add you to segments of similar consumer profiles based on your background and interests.
The broker only has access to what it knows from your indirect sources. It takes that information and makes guesses about what you’re interested in or have experienced. These inferences can be accurate or off the mark, and you can end up on lists that don’t apply to you.
In 2014, the Federal Trade Commission (FTC) released a study “Data Brokers: A Call for Transparency”² and included examples of segments it found:
- Exercise/Sporty Living
- Allergy Sufferer
- Working-Class Mom
- Affluent Baby Boomer
- Leans Left
- Twitter User With 250+ Friends
Consumers of brokered data are mostly other businesses, but they can be individuals or even state actors in some situations. Businesses often come to data brokers for marketing purposes. They’ll use the data to find people who match a specific profile and send them direct mail or online ads.
Some companies use brokered data to mitigate risk, too. For example, a company may check if an email address has been associated with fraudulent purchases in the past. People search is another major application of brokered personal data. Individuals and businesses use people search sites to find out more about a person.
Inaccurate data can cause problems, though. For instance, someone could end up on a list of bad credit borrowers that causes an application to fall through when that didn’t apply to them.
Who are the biggest data broker sites?
Major data brokers include³:
- Acxiom
- LexisNexis
- Oracle America
- Equifax
- Aristotle
- Experian
- TransUnion
- Epsilon
- TowerData
- FullContact
- CoreLogic
- Data Axle
- Nielsen Marketing Cloud
- Foursquare Labs, Inc.
- OnAudience
Are data brokers legal?
Unfortunately for consumers, the law doesn’t always prevent companies from scraping public information and building profiles. And in some places, it’s also perfectly legal for apps and websites to sell personal information about consumers without their knowledge. The data broker industry is lucrative and only a few states have specific regulations to address this activity.
Do data brokers need consumer consent?
In the US, most privacy laws focus on entities that collect data directly from consumers. Because data brokers lack a direct relationship with the consumers whose data they broker, they can typically buy and sell your data with little transparency or accountability. Additionally, many apps and websites also bundle or bury your consent to share your information with data brokers and other third parties in vague or lengthy terms and conditions.
Even where consumers could theoretically limit this sharing by entities they do have a relationship with, do they really have a choice considering how digitally connected modern life is? In 2015, researchers from the University of Pennsylvania found a majority of survey respondents felt unable to control their information online.⁴ Here’s a key takeaway:
“They feel that they would face significant social and economic penalties if they were to opt-out of all the services of a modern economy that rely on an exchange of content for data. They have slid into resignation—a sense that while they want control over their data world they will never achieve it.”⁵
What regulations apply to data brokers?
In short, very few because most privacy laws focus on entities that collect data directly from consumers, and not data brokers who lack a direct relationship with consumers.
In the United States, data brokers must comply with HR 7520. Also called the Protecting Americans’ Data from Foreign Adversaries Act, this federal act penalizes data brokers that sell or license certain sensitive consumer information to foreign adversaries or entities controlled by foreign adversaries. It took effect in June 2024.
Besides that, California, Oregon, Texas, and Vermont all require entities that meet their definitions of a “data broker” to register annually or before doing business in the state. Data brokers must provide consumers with more transparency about personal data and allow consumers to request the deletion of their personal data held by these entities. These states can impose various fines, fees, and other penalties for noncompliance.
The California government also passed the California Delete Act (SB362) in 2023. This enables an accessible deletion mechanism by 2026, so consumers can go to one website and request that all data brokers delete their information.
In Europe, laws like the General Data Protection Regulation (GDPR) provide more protections for consumers from data brokering because they apply to all personal data collected and processed by entities, whether collected directly from or indirectly about individuals. Consumers also have robust data subject rights to access, correct, delete, and restrict the processing of their personal data.
The dark side of data broker companies
Privacy is easy to understand in the physical world where you can go home at night and lock your doors. But it’s much harder to lock up your digital footprint online. Enjoying the convenience of modern technology means you may give up thousands of data points to brokers over time.
The alarming part is that almost anyone can buy your data. This can include stalkers and people wanting to intimidate others. For example, in 2024 the FTC filed a complaint about broker X-Mode Social for failing to protect consumer location data. The complaint listed privacy concerns such as location data being used to track people who visit reproductive health clinics or participate in political marches and protests. The FTC subsequently prohibited the company from selling or sharing location data.⁶
Data breach concerns
The sensitive information a data broker possesses is enticing to scammers and hackers. The data is often already organized by profiles associated with individuals and groups. Data brokers have been breached in the past, such as a leak in 2024 that exposed 170 million data records.⁷
What can you do to safeguard your information?
Maintaining awareness is the first part of keeping your information safe online. The next time you sign up for a free rewards program or download an app that asks to track your location, take a pause.
Consider actually reading the terms and conditions to see what happens with your data. Avoid granting access to full cookies as you browse the net and consider using a privacy-first browser like Firefox.
If you’re worried about being involved in a data leak, you can use Mozilla Monitor to find out if and where your private information may have been exposed.
How to stop data broker sites from selling your information
While the data broker industry is ubiquitous, Mozilla Monitor can help you protect some of your personal information from being made widely or additionally available online. The product can provide proactive removal services of your private information, like address, phone number, email, and more, by scanning 208 sites each month. You can also get step-by-step guidance whenever manual action is needed by you. This can help you take back some control in a digital environment where data brokers largely do what they want with consumer data.
¹ Vyas, G. (2025). Data Broker Market Overview. Market Research Future. https://www.marketresearchfuture.com/reports/data-broker-market-11676
² Federal Trade Commission. (2014, May) Data Brokers: A Call for Transparency. https://www.ftc.gov/system/files/documents/reports/data-brokers-call-transparency-accountability-report-federal-trade-commission-may-2014/140527databrokerreport.pdf
³ Ibid., Vyas, G.
⁴ Turow, J. , Hennessy, M. and Draper, N. (2015, June 26). The Tradeoff Fallacy: How Marketers are Misrepresenting American Consumers and Opening Them Up to Exploitation. https://ssrn.com/abstract=2820060
⁵ Ibid, pp. 9.
⁶ Federal Trade Commission (2024, January 9). FTC Order Prohibits Data Broker X-Mode Social and Outlogic from Selling Sensitive Location Data. https://www.ftc.gov/news-events/news/press-releases/2024/01/ftc-order-prohibits-data-broker-x-mode-social-outlogic-selling-sensitive-location-data
⁷ Okunytė, P. (2024, August 30). Researchers trace massive data leak to US data broker: why should you care. Cybernews. https://cybernews.com/security/people-data-labs-data-leak/
