What Are Data Brokers? How Companies Collect and Sell Your Personal Information

You may not know their names, but data brokers probably know yours. They may know your current address, old addresses, phone numbers, relatives, likely interests, shopping habits, property records, estimated income range, online activity signals, or location patterns. Not always perfectly. Not always fairly. But often enough to build a profile that can be sold, rented, shared, matched, or used to target you.

So, what are data brokers? Data brokers are companies that collect personal information about people, usually from many different sources, then organize, analyze, package, sell, license, or share that information with other organizations. Some brokers focus on marketing. Some power people-search websites. Some support fraud prevention, identity verification, background checks, lead generation, political advertising, risk scoring, or location intelligence.

The Federal Trade Commission has described data brokers as companies that collect information about consumers from many online and offline sources, often without consumers directly interacting with them. Its 2014 report examined nine data brokers and warned that the industry operated with limited transparency for ordinary consumers. (Federal Trade Commission)

That lack of direct relationship is the key issue. You may knowingly give your address to a retailer, your phone number to an app, or your property information to a public agency. But you may not expect that pieces of your life can be copied, matched, enriched, scored, and sold through a separate data marketplace.

Quick Answer: What Are Data Brokers?

A data broker is a business that collects personal information from public records, commercial sources, websites, apps, surveys, data partners, and other brokers, then makes that information available to other companies, advertisers, researchers, investigators, or institutions.

A simple example:

Step	What Happens
1	You fill out a form, buy something online, install an app, register a product, or appear in a public record.
2	That data point becomes available through a company, partner, database, public source, tracking tool, or broker network.
3	A data broker matches it with other information linked to your name, address, email, phone number, device ID, or household.
4	The broker creates or updates a profile.
5	That profile may be sold, licensed, shared, or used for advertising, identity verification, lead generation, analytics, or risk assessment.

Not every data broker does the same thing. Some sell raw contact lists. Some maintain people-search databases. Some create advertising segments such as “homeowners,” “new parents,” “auto insurance shoppers,” or “frequent travelers.” Some provide identity-verification tools that businesses use to reduce fraud. Some sell location-derived insights. The business models vary, but the core idea is similar: personal data becomes a commercial asset.

Why Data Brokers Matter More Than Most People Realize

Most people understand that social media platforms and search engines collect data. Data brokers feel more hidden because you often do not create an account with them, download their app, or visit their website. They sit behind the scenes.

That matters for four reasons.

First, data brokers can connect information from different parts of your life. One database may know your property record. Another may know your shopping category. Another may know your device advertising ID. Another may know that your email appeared in a marketing list. When those pieces are matched, they can create a profile that feels far more personal than any single data point.

Second, the data may be wrong. A broker profile can contain outdated addresses, incorrect relatives, wrong income estimates, or inaccurate interests. In marketing, that may only mean annoying ads. In risk, identity, employment, housing, insurance, or financial contexts, inaccurate data can create more serious problems.

Third, removal is fragmented. One opt-out request rarely removes your information from every broker. Your data can reappear if another source republishes it or if a broker reacquires it later.

Fourth, sensitive patterns can be inferred. A list may not say “this person has a medical condition,” but location data, purchase patterns, web activity, or interest segments can still imply personal, health, family, financial, political, or religious information. The FTC has taken action against location-data brokers over allegations involving sensitive location data, including visits to places such as medical clinics, places of worship, shelters, military sites, and other sensitive areas. (Federal Trade Commission)

How the Data Broker Industry Works

The data broker industry is not one neat category. It is a loose ecosystem of companies that collect, aggregate, enrich, analyze, score, verify, resell, or distribute personal information.

Some companies are obvious data brokers. Others are data platforms, marketing vendors, analytics companies, identity-resolution providers, fraud-prevention vendors, lead generators, people-search websites, or location intelligence firms. A company may not call itself a data broker, but its business model may still involve collecting and distributing personal data it did not collect directly from the consumer.

The Basic Data Broker Business Model

Most broker models follow a version of this chain:

1. Collect data from public, commercial, online, offline, and partner sources.
2. Clean and normalize data so names, addresses, emails, phone numbers, and device IDs can be matched.
3. Enrich profiles by adding demographics, interests, household details, property data, shopping signals, or behavioral categories.
4. Segment audiences into useful groups for advertisers, businesses, investigators, or platforms.
5. Sell, license, share, or activate data through lists, APIs, dashboards, integrations, ad platforms, or data marketplaces.
6. Refresh data as new records, app signals, purchases, or partner feeds arrive.

The money is not always made by selling a spreadsheet with your name in it. Sometimes the broker sells access to an audience. Sometimes it sells an identity match. Sometimes it sells risk signals. Sometimes it sells a search result. Sometimes it helps another company append missing information, such as adding a phone number to an email list.

First-Party, Third-Party, and Public-Record Data

To understand data brokers, it helps to separate three common data categories.

Data Type	Meaning	Example
First-party data	Data a company collects directly from you.	You give your email to an online store.
Third-party data	Data collected or shared by another organization.	A marketing vendor sells a list of likely homeowners.
Public-record data	Information made available through government or legal records.	Property records, business registrations, court records, voter files where available.

Data brokers often combine these. A public property record may identify a homeowner. A marketing source may attach a likely income range. A retail source may add product categories. An online identifier may connect the household to digital advertising.

That is how a basic record becomes a richer commercial profile.

How Small Data Points Become a Profile

A single data point may not say much. But data brokers specialize in matching.

For example:

• Your email appears in a newsletter signup.
• Your phone number appears in a lead form.
• Your address appears in a property record.
• Your device ID appears in a mobile advertising ecosystem.
• Your purchase category appears through a loyalty or retail partner.
• Your age range appears through a demographic database.

A broker or identity-resolution company may connect these signals using identifiers such as name, address, phone, email, hashed email, cookie ID, mobile advertising ID, IP address, or household-level matching.

The result is not always a precise biography. It is more like a commercial guessbook: some verified facts, some inferred categories, some outdated records, and some probabilistic assumptions. Still, that guessbook can influence what ads you see, which offers reach you, how easy it is for someone to find your home address, or how scammers personalize their messages.

What Personal Information Do Data Brokers Collect?

Data brokers may collect or infer many types of personal information, depending on their business model and legal limits.

Common categories include:

Category	Examples
Identity data	Name, aliases, age range, date-of-birth range, household members.
Contact data	Address, old addresses, phone numbers, email addresses.
Public records	Property ownership, business filings, professional licenses, court records where public.
Demographic data	Household size, marital status estimate, education estimate, income range estimate.
Financial-adjacent data	Home value estimate, purchase capacity, credit-adjacent marketing categories.
Shopping data	Product interests, loyalty signals, catalog activity, purchase categories.
Online data	Cookies, browsing signals, device identifiers, ad interactions, app activity signals.
Location data	Mobile location signals, location-derived audience segments, visit patterns.
Interest segments	Travel, fitness, cars, insurance, parenting, home improvement, finance, technology.
Sensitive inferences	Health interests, political interests, religious interests, pregnancy-related signals, military-related location patterns.

Not every broker has all of this. Not every data element is attached to a named profile. Some data is household-level, pseudonymous, aggregated, or probabilistic. But “not directly named” does not always mean “safe.” Data can sometimes be linked back to people when enough identifiers are combined.

Where Do Data Brokers Get Your Information?

Data brokers rarely rely on one source. Their strength is aggregation.

Public Records

Public records are a major source for people-search sites and identity databases. These can include property records, business registrations, court records, professional licenses, bankruptcy records, voter registration information in some states, and other government-maintained datasets.

Public records can be lawful to access, but data brokers make them easier to search, combine, and commercialize. That changes the practical privacy impact. A record that was once available at a county office can become searchable by name, phone number, address, or relative in seconds.

Apps, Websites, and Ad Tech

Websites and mobile apps can collect information through cookies, tracking pixels, software development kits, analytics tools, and advertising technologies. In the advertising world, data can flow through platforms involved in targeted advertising, measurement, attribution, and real-time bidding.

A common beginner mistake is assuming that only the website you visit sees your activity. In reality, third-party scripts, embedded tools, ad exchanges, analytics vendors, and data partners may receive signals too, depending on the site’s setup and user consent choices.

The Digital Advertising Alliance’s WebChoices tool, for example, is designed to let users opt out of interest-based advertising from participating companies, but it does not erase all broker data or apply to every company in the broader data ecosystem. (digitaladvertisingalliance.org)

Retail, Loyalty, and Purchase Data

Retailers and loyalty programs often collect purchase histories, product preferences, store visits, coupon use, and household shopping patterns. That information can be valuable for marketing and analytics.

Sometimes it stays inside the retailer. Sometimes it is used with advertising partners. Sometimes it contributes to broader audience segments. Privacy policies usually describe broad sharing categories, but most users do not read them closely.

Surveys, Warranty Cards, and Lead Forms

Old-school data collection still matters. Sweepstakes, quizzes, surveys, warranty cards, quote requests, mortgage forms, insurance lead forms, education inquiry forms, and “free estimate” pages can all generate valuable personal data.

For example, someone searching for insurance quotes may enter their name, phone number, ZIP code, age, vehicle, homeownership status, and coverage interest. That data can be routed to lead buyers, marketing partners, call centers, or data append services depending on the form’s terms.

Other Brokers and Data Partners

Data brokers also buy from, sell to, and exchange with other companies. This is why removal is hard. Even if one broker deletes your profile, another broker may still have it. A third broker may later refresh the first broker’s database.

That circular flow is one reason privacy advocates criticize the industry. The consumer sees one exposed profile, but behind it may be a chain of sources and downstream recipients.

Who Buys Data Broker Information?

Data broker customers vary widely.

Common buyers include:

Buyer Type	Why They Use Data
Advertisers	Build target audiences and personalize campaigns.
Lead generators	Find likely customers for insurance, loans, home services, education, or legal services.
Retailers	Enrich customer profiles and measure marketing performance.
Political campaigns	Target voter segments and issue-based audiences.
People-search users	Find addresses, phone numbers, relatives, or background clues.
Fraud-prevention companies	Verify identity or flag suspicious activity.
Financial institutions	Support compliance, identity verification, risk screening, or fraud detection.
Investigators	Locate people or connect identity records.
App and ad-tech platforms	Match users across devices and campaigns.

Some uses can be beneficial. Fraud prevention, identity verification, and address validation can reduce scams and account takeover. But the same ecosystem can also create risks when data is inaccurate, overly sensitive, poorly secured, sold without meaningful consent, or used in ways consumers would not reasonably expect.

Data Brokers vs People-Search Sites vs Credit Bureaus

These categories overlap, but they are not identical.

Category	Main Function	Consumer Risk
Data brokers	Collect, enrich, sell, license, or share personal data for many uses.	Lack of transparency, unwanted profiling, downstream sharing.
People-search sites	Display personal details such as address, phone, relatives, and possible records.	Doxxing, stalking, harassment, unwanted contact.
Credit bureaus	Maintain credit reports used for lending and other regulated decisions.	Financial harm if data is inaccurate; regulated under FCRA.
Consumer reporting agencies	Provide reports for employment, housing, credit, insurance, or eligibility decisions.	Legal rights apply, but errors can still cause serious harm.
Ad-tech platforms	Use identifiers and audience data to target or measure ads.	Behavioral tracking, sensitive inference, limited user understanding.

Credit bureaus and consumer reporting agencies are subject to the Fair Credit Reporting Act when data is used for covered purposes such as credit, employment, housing, insurance, or similar eligibility decisions. Many marketing data brokers sit outside that framework unless their activities fall into regulated use cases.

The CFPB proposed a rule in December 2024 that would have addressed certain data broker practices under Regulation V and the FCRA, but the Bureau withdrew that proposal effective May 15, 2025, stating it would take no further action on that rulemaking. (Consumer Financial Protection Bureau)

How Data Brokers Power Targeted Advertising

Targeted advertising data is one of the most visible parts of the broker economy. When people say, “Why am I seeing this ad everywhere?” data brokers and ad-tech systems may be part of the answer.

Here is a simplified version:

1. A person visits websites, uses apps, shops online, or interacts with content.
2. Tracking technologies or platform data create signals about interests or behavior.
3. Those signals may be connected to identifiers such as cookies, device IDs, hashed emails, or household IDs.
4. Data companies create audience segments.
5. Advertisers select audiences likely to care about a product.
6. Ads are delivered across websites, apps, social platforms, streaming services, or email channels.

Audience segments can be harmless, like “people interested in running shoes.” They can also be sensitive, like segments related to health concerns, financial stress, religion, politics, location visits, or family status.

The danger is not only that ads become annoying. It is that personal signals can become labels. Once labels exist, they can move through systems that ordinary people cannot see.

Main Privacy Risks for Consumers

1. Identity Theft and Scams

Data broker profiles can help scammers personalize attacks. A scammer with your name, phone number, city, relatives, employer clues, or property details can make a fake message sound more believable.

For example, a scam text that says “Hi John, this is about your property on Oak Street” feels more convincing than a generic message. The more personal the data, the easier it is to build trust quickly.

2. Doxxing, Stalking, and Harassment

People-search sites can expose addresses, phone numbers, relatives, and past locations. For public-facing professionals, abuse survivors, journalists, activists, teachers, healthcare workers, and small-business owners, that exposure can become a safety issue.

This is one of the clearest harms of public-facing data broker websites: they make personal contact details easy to find at scale.

3. Sensitive Location Exposure

Location data is especially risky because it can reveal patterns. Visits to clinics, places of worship, shelters, addiction treatment centers, political events, military sites, or private homes can expose more than simple movement.

The FTC finalized an order in 2024 prohibiting X-Mode/Outlogic from sharing or selling sensitive location data after allegations that precise location data could track visits to sensitive places. (Federal Trade Commission)

4. Inaccurate Profiles

Data brokers can be wrong. Profiles may mix two people with similar names, keep old addresses, infer the wrong income range, attach incorrect relatives, or assign misleading interests.

If the data is used only for marketing, the harm may be irritation. If it is used for eligibility, identity verification, fraud scoring, background screening, or risk analysis, the stakes are higher.

5. Discrimination and Unfair Targeting

Data can be used to include or exclude people from offers. In advertising, this might affect who sees housing, employment, financial, education, or insurance-related promotions. In sensitive areas, poor data practices can create unfair outcomes even when no one intends direct discrimination.

6. Loss of Control

The most frustrating issue is control. You may be able to opt out from one broker, but not know which other companies have your profile. You may delete a profile, then see it reappear months later. You may submit a request, then be asked to provide more personal information to verify your identity.

That process can feel like a privacy treadmill.

What US Privacy Laws Say About Data Brokers

The United States does not have one comprehensive federal consumer privacy law that covers all data brokers in the same way. Instead, privacy rights depend on state law, sector-specific federal law, and the specific use of data.

California

California has one of the most developed state-level privacy regimes for data brokers. California’s CCPA gives residents rights such as knowing, deleting, correcting, and opting out of certain sale or sharing of personal information. The California Attorney General explains that consumers may request that businesses stop selling or sharing personal information, including through a user-enabled global privacy control. (California AG)

California also has a data broker registry and the Delete Request and Opt-out Platform, known as DROP. As of January 1, 2026, California residents can use DROP to submit a deletion request to active registered data brokers; brokers are required to begin processing those requests on August 1, 2026. (California Privacy Protection Agency)

Texas

Texas requires data brokers to register with the Secretary of State to conduct business in Texas, and the Secretary of State maintains a searchable central data broker registry. (Texas Secretary of State)

Vermont

Vermont was an early state to regulate data brokers through registration and security requirements. While implementation details can change, Vermont remains an important reference point in US data broker regulation.

Federal Trade Commission

The FTC can take action against unfair or deceptive practices, including privacy and data security practices. It has brought actions involving sensitive location data and data broker practices, but the FTC does not function as a universal deletion portal for every consumer data broker. (Federal Trade Commission)

NIST Privacy Framework

The NIST Privacy Framework is not a consumer law. It is a voluntary framework to help organizations identify and manage privacy risk. It is useful for explaining what responsible privacy management should look like: data should be understood across its lifecycle, from collection through disposal. (NIST)

How to Opt Out of Data Brokers

A data broker opt out is a request asking a broker to remove, suppress, delete, or stop selling certain personal information, depending on the broker’s process and applicable law.

A practical opt-out workflow looks like this:

Step 1: Search for Your Exposed Information

Search your name with:

• City and state
• Old address
• Phone number
• Email address
• Family member name
• Business name, if applicable

Look for people-search sites, data broker listings, old directories, profile pages, and copied records.

Step 2: Prioritize High-Risk Listings

Start with listings that expose:

• Current home address
• Phone number
• Relatives
• Age or date-of-birth clues
• Property details
• Court or background-record teasers
• Employer or business location
• Personal email

Do not waste all your energy on low-risk duplicates first. Remove the most sensitive pages first.

Step 3: Use the Broker’s Official Opt-Out Page

Most people-search sites have an opt-out or suppression form. The form may ask for the profile URL, email verification, identity verification, or state residency information.

Be careful. Some removal processes ask for more personal information. Provide only what is required, and avoid uploading sensitive documents unless the broker’s process and legal need are clear.

Step 4: Save Proof

Keep a spreadsheet with:

Field	Example
Broker/site name	Example People Search Site
Profile URL	The exposed listing URL
Date requested	June 11, 2026
Email used	Privacy-specific email address
Status	Submitted / removed / pending / reappeared
Notes	Asked for ID; verified by email; profile removed

Step 5: Recheck Later

Removal is not always permanent. Recheck after 30–90 days, then periodically. Data can reappear when brokers refresh from public records or partner feeds.

Step 6: Use State Tools Where Available

California residents should consider using official California privacy tools and rights, including DROP for covered data brokers. Other states may offer registries or rights depending on local law.

Manual Opt-Out vs Data Removal Services

Manual opt-out is possible, but it takes time. Paid data removal services exist because the work is repetitive, fragmented, and never fully finished.

Option	Pros	Cons
Manual opt-out	More control, lower cost, good for learning where your data appears.	Time-consuming, repetitive, easy to miss brokers, requires rechecking.
Paid removal service	Saves time, monitors many brokers, useful for public-facing or high-risk people.	Ongoing cost, coverage varies, cannot remove every source, requires trusting another company.
Hybrid approach	Remove high-risk listings yourself and use a service for ongoing scans.	Still requires organization and periodic review.

A paid service can be useful, but it is not magic. No legitimate service can guarantee full removal from the internet, all public records, all private databases, all search results, or all future data feeds.

How to Reduce Future Personal Data Collection

Opting out helps with existing exposure. Reducing future collection requires better habits.

Use a Separate Email for Shopping and Forms

Create a dedicated email for coupons, online shopping, sweepstakes, quote forms, and newsletters. Keep your primary email for banking, work, government, and personal communication.

Limit App Permissions

Review location, contacts, microphone, camera, Bluetooth, and background activity permissions. Many apps do not need precise location access all the time.

Turn Off Mobile Advertising ID Personalization

On iOS and Android, review ad personalization settings and reset advertising IDs periodically where available. This will not stop all tracking, but it can reduce some cross-app profiling.

Use Browser Privacy Controls

Use browsers or extensions that block third-party trackers. Consider enabling Global Privacy Control where supported. California recognizes user-enabled global privacy controls for opt-out requests under CCPA guidance. (California AG)

Be Careful With Lead Forms

Insurance quotes, loan forms, education inquiries, sweepstakes, and “free estimate” pages can trigger marketing calls and data sharing. Use reputable sources, read the consent language, and avoid entering your main phone number unless necessary.

Freeze Your Credit

A credit freeze does not remove data broker profiles, but it can reduce the risk of new credit accounts being opened in your name. Use official credit bureau channels and keep your freeze PINs or account access secure.

Remove Unused Accounts

Old accounts can leak or sell data. Delete accounts you no longer use, especially shopping sites, forums, apps, and old services that hold your name, phone, address, or payment details.

Avoid Oversharing Publicly

Public social media posts can feed search engines, scrapers, scammers, and profiling systems. Avoid posting your birthday, home address clues, travel timing, children’s school names, or personal documents.

Common Mistakes People Make

Mistake 1: Thinking “Incognito Mode” Stops Data Brokers

Private browsing mainly limits local browser history on your device. It does not make you invisible to websites, networks, apps, accounts, advertisers, or data partners.

Mistake 2: Removing One Listing and Assuming the Problem Is Solved

One people-search page is usually only one copy. The same profile may exist on dozens of sites.

Mistake 3: Giving More Information Than Needed

Some opt-out forms request verification. But do not casually upload ID documents or provide extra personal data unless necessary and appropriate.

Mistake 4: Ignoring Old Phone Numbers and Emails

Old identifiers can still connect to you. Search old emails, old phone numbers, former addresses, and name variations.

Mistake 5: Believing All “Free Background Check” Sites Are Harmless

Some sites use teasers to collect clicks, sell reports, or push subscriptions. Even if the information is partly inaccurate, the exposure can still create risk.

Mistake 6: Treating Privacy as a One-Time Cleanup

Privacy maintenance is ongoing. New records, new leaks, app changes, and broker refresh cycles can recreate exposure.

What Competitors Often Miss About Data Brokers

Many articles frame data brokers as only advertising companies. That is incomplete.

Data brokers also support:

• People-search lookup tools
• Identity verification
• Fraud detection
• Risk scoring
• Public-record aggregation
• Background-check-adjacent research
• Political targeting
• Location intelligence
• Lead generation
• Data enrichment for sales teams
• Audience matching across platforms

Another missed point: not all broker activity is illegal. Some uses are permitted, some are regulated, some are questionable, and some may violate privacy or consumer protection laws depending on facts. A useful privacy article should not tell readers that every data broker is automatically a scam. The stronger explanation is this: the industry creates real utility for businesses, but it also creates serious transparency, consent, safety, accuracy, and accountability problems for consumers.

Beginner Example: Why You Got a Flood of Calls After Filling Out One Form

Imagine you searched for car insurance and filled out a quote form. You entered your name, ZIP code, vehicle, phone number, email, age range, and coverage interest.

That form may be operated by an insurer, but it may also be a lead-generation site. Depending on the terms, your information could be shared with multiple insurance agents, marketing partners, call centers, or data companies. Other firms may append more data, such as homeownership status or estimated household profile.

Then the calls start.

That is not always a “hack.” Often, it is data sharing. The issue is that most users do not understand how many companies may receive the information after one form submission.

Intermediate Example: Why Ads Follow You Across Devices

You search for moving companies on your laptop. Later, you see moving-related ads on your phone.

That can happen through several mechanisms:

• You were logged into the same platform on both devices.
• Your email was matched across services.
• Your household IP address helped link devices.
• A data broker or identity-resolution partner connected your laptop browser and mobile device.
• An advertiser uploaded a customer or lead list to an ad platform.
• Cookies, pixels, SDKs, or mobile ad IDs helped create a cross-device profile.

The ad may feel like someone is “listening.” In most cases, it is less magical and more mechanical: identity matching plus behavioral signals plus ad targeting.

Advanced Example: How Data Enrichment Changes a Customer List

A small business may have a list of customer emails. A data enrichment vendor may add phone numbers, postal addresses, job titles, household attributes, or likely interests. The business can then segment customers for email campaigns, direct mail, sales outreach, or advertising.

That sounds efficient. It can be. But it also shows how personal data moves beyond the original interaction. You may have given an email to one business, but enrichment can connect that email to a much wider profile.

Trust Note for Privacy and Safety

This article is general educational information, not legal advice. Privacy rights vary by state, data use, company type, and legal context. If you face stalking, domestic violence, identity theft, employment-screening harm, housing denial, financial fraud, or legal risk, consider contacting a qualified attorney, consumer protection agency, victim support organization, or identity theft recovery resource.

Final Takeaway

Data brokers are companies that collect, combine, analyze, sell, license, or share personal information. They matter because they often operate outside the direct relationship you have with apps, stores, websites, and public agencies.

You cannot completely disappear from every database. But you can reduce exposure. Start with people-search removals, use state privacy rights where available, tighten app and browser settings, avoid unnecessary lead forms, freeze credit, delete old accounts, and recheck your information periodically.

The realistic goal is not perfect invisibility. It is less exposure, fewer easy matches, fewer public listings, and better control over the personal information that can be used to target, contact, profile, or impersonate you.

9. FAQ Section

10. Conclusion

Data brokers turn scattered personal details into searchable, sellable, and usable profiles. Some of that data supports legitimate business functions, but the same ecosystem can expose home addresses, fuel unwanted marketing, increase scam risk, enable sensitive profiling, and make privacy feel out of reach.

The best approach is practical, not paranoid: understand where the data comes from, remove the most exposed listings, use legal rights where available, limit future collection, and repeat the process periodically. For readers asking what are data brokers, the answer is simple enough. They are middlemen in the personal data economy. The harder lesson is that privacy protection now requires ongoing maintenance.