
Data Brokers: Who Is Selling Your Information and How to Stop It

The data broker industry generates $300 billion annually by selling your personal information. Here is who they are, what they know about you, and how to start taking back control.


The Industry You Have Never Heard Of

The data broker industry generates an estimated $300 billion annually. It is larger than the music industry, the film industry, and the video game industry combined. And yet most people have never heard of its major players — Acxiom, Experian, Equifax, LexisNexis, Intelius, Spokeo, BeenVerified, Whitepages, and thousands of smaller operators.

Their business is simple: collect as much personal information as possible, organise it into profiles, and sell it. Their customers include marketers, insurers, employers, landlords, private investigators, debt collectors, law enforcement agencies, and governments.

Your data is almost certainly in these databases. You never gave these companies permission to collect it. In most countries, you have limited legal remedies. But you do have options.

What Data Brokers Know About You

A comprehensive data broker profile might include:

  • Identifiers: Full legal name, aliases, maiden name, date of birth, Social Security number (partially masked), driver's licence number
  • Contact information: Current and historical addresses, phone numbers (mobile and landline), email addresses
  • Relationships: Spouse, children, parents, roommates, known associates
  • Financial data: Estimated income and net worth, property ownership and estimated value, vehicle ownership, bankruptcies, tax liens, judgements
  • Consumer behaviour: Purchase history from retailer loyalty programmes and credit card data aggregators, subscriptions, catalogue orders
  • Digital behaviour: Website visits (from tracking pixel networks), app usage, social media activity
  • Inferred characteristics: Political affiliation, religion, health conditions, sexual orientation, estimated ethnicity — all inferred from behaviour and publicly available information
  • Location history: Real-time and historical geolocation data purchased from mobile apps that sell the location data they collect through location permissions
  • Public records: Court filings, voter registration, business licences, professional licences

The profile is assembled from hundreds of sources: public records, retail purchase data, financial transaction data, social media scraping, browser tracking, app-based location data, and information you directly entered into websites (which sold it to brokers, usually buried in their terms of service).

How Your Data Gets There

Retail Loyalty Programmes

When you sign up for a supermarket loyalty card, the retailer tracks every purchase. Most large retailers sell this aggregated and attributed purchase data to data brokers. Your entire purchase history — including health products, alcohol, tobacco, baby items, and medically-related products — is available for sale.

Mobile Apps Selling Location

A significant portion of free mobile apps monetise by selling access to your location data. Weather apps, flashlight apps, games: any app that requests location permission can log your location and sell it. A Wall Street Journal investigation found that a major data broker was purchasing location data from over 1,000 mobile apps.

Social Media Scraping

Public social media posts, connection graphs, profile information, and check-ins are scraped at scale. Even if you have a private account, information you have made public — or that your connections have shared — may be captured.

Browser Tracking Pixels

The network of third-party tracking pixels embedded in websites feeds browsing history into data broker databases. When you visit a health information site, an employment site, a legal information site, or a financial site, that visit is logged, attributed to your advertising identity, and potentially sold.

Data You Entered Directly

Many websites you have registered with have sold your information to data brokers. This is typically permitted by their terms of service. Genealogy sites, people-search sites, quiz and survey sites, and sweepstakes entry sites are particularly aggressive sellers.

The Harms

Data brokers are not a passive industry. Their products cause concrete harm:

  • Insurance discrimination: Insurers use inferred health data to set premiums and deny coverage
  • Employment discrimination: Background check companies provide inferred characteristics that may not be in a candidate's record
  • Stalking and harassment: People-search sites provide current home addresses, enabling stalkers and abusers to locate victims. Domestic violence organisations have documented deaths resulting from data broker lookups.
  • Targeted manipulation: Political campaigns, scammers, and fraudsters use detailed profiles to craft highly personalised manipulation
  • Price discrimination: Dynamic pricing systems use inferred wealth and urgency to charge higher prices to people who can afford less choice

How to Start Removing Your Data

The Manual Approach

Every major data broker has an opt-out process. This is required by CCPA for California residents and by GDPR for EU residents with respect to brokers operating in those markets. The process is deliberately cumbersome: most require you to submit a request via a web form, verify your identity, and wait weeks for removal — only for the data to reappear within months as brokers re-ingest it from other sources.

Major brokers to opt out from: Acxiom, Spokeo, BeenVerified, Whitepages, Intelius, Pipl, Radaris, MyLife, PeopleFinder, Truthfinder, Instantcheckmate, ZabaSearch, Peoplewise, Addresses.com, and the credit bureaux (Equifax, Experian, TransUnion) for their marketing data products. There are hundreds more.

Manual opt-outs take weeks of effort and must be repeated every few months as data re-populates.

Using a Data Removal Service

Services like DeleteMe, Privacy Bee, and Kanary automate the opt-out process across hundreds of brokers. They monitor for re-listing and re-submit removals automatically. Costs range from $50 to $200 per year — a reasonable price for continuous protection.

Prevention Through Blocking

The most effective long-term strategy is preventing data collection at the source. PrivacyGuard's tracker blocking prevents the browser-based surveillance that feeds broker databases. When tracking pixels and third-party scripts cannot fire, the data does not get collected in the first place.

Prevention is not a complete solution — brokers also use public records, financial data, and other non-browser sources. But it significantly reduces the digital exhaust available for profiling.
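To see what browser-level blocking acts on, the sketch below audits a page's HTML for the third-party loads described under Browser Tracking Pixels: resources fetched from another site, with 1x1 images flagged as likely pixels. It is an added example, not PrivacyGuard's code; the sample page, its hosts, and the two-label `site_of` heuristic are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

LOADING_TAGS = {"img", "script", "iframe"}  # tags whose src is fetched on page load

def site_of(host):
    # Assumption: the last two labels approximate the registrable domain.
    # A real blocker uses the Public Suffix List (needed for e.g. co.uk).
    return ".".join(host.lower().split(".")[-2:])

class ThirdPartyAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_site = site_of(urlsplit(page_url).hostname or "")
        self.findings = []  # (tag, host, looks_like_pixel)

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        src = attr.get("src")
        if tag not in LOADING_TAGS or not src:
            return
        host = urlsplit(urljoin(self.page_url, src)).hostname
        if not host or site_of(host) == self.page_site:
            return  # first-party, or no network request (data: URL)
        # Classic tracking pixel: an image declared as 1x1 or 0x0.
        tiny = attr.get("width") in ("0", "1") and attr.get("height") in ("0", "1")
        self.findings.append((tag, host, tag == "img" and tiny))

def audit(page_url, html):
    parser = ThirdPartyAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; all hosts are placeholders on reserved example domains.
SAMPLE_URL = "https://health.example.org/conditions/asthma"
SAMPLE_HTML = """
<img src="/static/logo.png" width="120" height="40">
<img src="https://px.tracker.example.net/c.gif?uid=abc" width="1" height="1">
<script src="//cdn.adnetwork.example.com/tag.js"></script>
<script src="https://static.health.example.org/app.js"></script>
<img src="data:image/gif;base64,R0lGOD" width="1" height="1">
"""

if __name__ == "__main__":
    for tag, host, pixel in audit(SAMPLE_URL, SAMPLE_HTML):
        print(f"{tag:7} {host:28} {'tracking pixel' if pixel else 'third-party load'}")
```

Each host it reports learns that this browser opened the asthma page, which is the visit record the article describes being attributed and sold. Pixels injected later by scripts do not appear in static HTML, so a clean result here does not mean the page is tracker-free.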

The Regulatory Outlook

The US currently lacks a federal privacy law equivalent to GDPR. The American Data Privacy and Protection Act (ADPPA) has been introduced in Congress multiple times without passing as of 2026. California remains the strongest state-level protection, and several other states — Virginia, Colorado, Connecticut, Texas — have enacted their own (generally weaker) laws.

In the EU, GDPR should in theory restrict data broker activity significantly — but enforcement against the thousands of smaller brokers operating outside major tech companies has been limited. The European Data Protection Board has issued guidelines, but follow-through by national DPAs has been inconsistent.

The practical reality: legal protections are improving but cannot be relied upon as the sole defence. Active prevention — both technical and administrative — remains necessary.

PrivacyGuard provides the technical layer. Combined with exercising your legal rights and periodic manual removal from major brokers, you can significantly reduce your exposure. Start today.