What Is a Data Broker?
DataProt is supported by its audience. When you buy through links on our site, we may earn a commission. This, however, does not influence the evaluations in our reviews. Learn More.
Recent statistics show that data is a valuable commodity in today’s highly-digital world. Most companies use data collected by data brokers from their consumers to improve their products and services.
Data brokers buy and sell your personal information to third-party companies mainly for commercial purposes.
Data brokerage is in high demand because of the information they provide. Statistics show the total data broker revenue will reach nearly 365.71 billion USD in 2029.
In this article, learn more about data brokers, what they do, the different types, the value they bring, the legality of their practices, what they know about you, and more!
What is a Data Broker?
The term “data broker” is interchangeable with “information broker.” They are businesses that collect, sell, and license your personal information without directly engaging with you.
The California Consumer Privacy Act of 2018 defines a data broker as “a business that knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship.”
Data brokers extract data from various sources using several ways, both online and offline.
The Washington Post has reported that politicians are using commercial data brokers. Political data brokers collect state voter files and sell them to campaigns, political parties, and academic researchers.
The Federal Trade Commission had warned against data broker operations lacking transparency and possible privacy violations.
The Problem with Data Brokers
Though most practices of data brokers are legal, they are occasionally fined by the Federal Trade Commission for misconduct like selling information used by cybercriminals.
Mindlessly clicking “I agree” to some online privacy policies, cookies, and terms of use can make it legal for data brokers to use your information.
The most common concern with data brokers is data breaches. In 2018, Apollo contained 200 billion data points until a data breach occurred, leaking information, including email addresses. Though it wasn’t sensitive information like credit card details, an email address leak can be enough for hackers to cause real damage.
Here’s a list of information affected by the data breach:
- Full names
- Personal and professional email addresses
- Phone numbers
- Location coordinates of the users and their employers
- Professional data, including current and past employment positions, as well as detailed employer information
- Links to LinkedIn profiles
Apollo is not the only one; there have been many data breaches. In the same year, data broker Exactis had exposed nearly 340 million people’s information to the public internet through an unsecured server; a hacking on Facebook involved 90 million user accounts; and Google+ discovered a Google security bug that exposed the information of 496,951 Google+ users.
Statistics show that certain cybersecurity risks have ethical and legal issues violating privacy. They have your sensitive information hence the need for proper regulation. Plus, once your information is sold, data brokers don’t have a say in how the buyers will use it.
An expert from Lexology, thinks data brokering companies should prepare themselves for increased legal and compliance obligations on data broker activities.
Is Data Brokering Legal?
Yes, data brokering is legal in the United States. There are many efforts at the federal and state levels to bring better oversight on data brokers. But though legislation on this matter has been introduced in Congress, there is no specific nor comprehensive law to regulate businesses that collect, sell, or share a consumer’s personal information.
Laws on this type of market activity are only sectoral and specific to some uses on the state level, like what the states of Vermont and California have.
Here are some examples:
1.Vermont Act 171 of 2018 Data Broker Regulation
Vermont was the first state in the United States to pass a law explicitly regulating data brokers in 2018.
The Data Broker Act (Statute 9 V.S.A. § 2430) prohibits any person or entity from fraudulently acquiring or using brokered personal information.
This law has a broad approach to the data brokerage industry but mainly requires data brokers to do the following:
- Register annually with the Vermont Secretary of State and pay a 100 USD annual registration fee.
- Describe their data collection/sale/licensing practices, opt-out policies, and purchaser credentialing practices.
- Develop comprehensive, written information security programs with required policies, procedures, and safeguards.
If you are a member of the data broker industry affected by this regulation, this guide will help you comply with the law.
2. California Consumer Privacy Act of 2018
The state of California has CCPA, or the California Consumer Privacy Act of 2018 (Civil Code section 1798.99.80), which allows consumers to do the following:
- Obtain copies of what information data brokers have compiled about them.
- The right to request to disclose the source of information.
- The right to request to disclose the purpose for collecting the information.
- The right to request the erasure of certain information.
- The right to opt out of having their data sold without being discriminated against.
To expand the CCPA, Californians voted to approve Proposition 24, a ballot measure that created the California Privacy Rights Act (CPRA).
It is a state-wide data privacy bill that amends and strengthens consumer data privacy rights established by the CCPA in 2018.
The CPPA gives consumers to do the following rights:
- The right to correct inaccurate personal information that a business has about them.
- The right to limit businesses’ use of “sensitive personal information”—including precise geolocation; race; ethnicity; religion; genetic data; private communications; sexual orientation; and specified health information.
3. California Consumer Privacy Act of 2018
The state of California has CCPA, or the California Consumer Privacy Act of 2018 (Civil Code section 1798.99.80), which allows consumers to do the following:
- Obtain copies of what information data brokers have compiled about them.
- The right to request to disclose the source of information.
- The right to request to disclose the purpose for collecting the information.
- The right to request the erasure of certain information.
- The right to opt out of having their data sold without being discriminated against.
To expand the CCPA, Californians voted to approve Proposition 24, a ballot measure that created the California Privacy Rights Act (CPRA). It is a state-wide data privacy bill that amends and strengthens consumer data privacy rights established by the CCPA in 2018.
4. Consumer Financial Protection Bureau
The Consumer Financial Protection Bureau (CFPB) requested an inquiry into data brokers, issuing a “Request for Information Regarding Data Brokers and Other Business Practices Involving the Collection and Sale of Consumer Information.”
The request seeks general information about the data broker market, including brokers’ information collection practices, the industry’s effects on consumers, potential safeguards or controls to regulate data broker activity, and individuals’ experiences interacting with data brokers.
The CFPB intends to use responses to the RFI to inform future rulemaking under the Fair Credit Reporting Act (FCRA).
5. The U.S. Securities and Exchange Commission
The U. S. Securities and Exchange Commission (SEC) has also used its existing regulatory authority against companies in the data broker space.
- In January 2022, the Securities and Exchange Commission settled fraud charges with alternative data provider App Annie. They discovered that App Annie and its co-founder, former CEO, and chairman “lied to companies about how their confidential data was being used.”
- In March 2023, the SEC proposed requirements to address cybersecurity risks to the U.S. securities markets.
The research group Electronic Privacy Information Center strongly supports state and federal legislative efforts setting limits on data brokers but still thinks there is a need for a comprehensive baseline U.S. privacy law.
What Information Do Data Brokers Know?
You have data if you have an email address, a social media presence, downloaded an app, or filed taxes. There’s a high chance that your personal information is up for grabs among data brokers when doing these things. But what precisely of your data are collected?
Data brokers mainly get information from publicly available records like the following:
- Motor vehicle records
- Census data
- Birth certificates
- Marriage licenses
- Divorce records
- Court records
- Voter registration information
- Bankruptcy records
Data brokers also source your information from businesses that agree to sell the information to them: social media, personal data, or any consumer information that can be purchased from other companies.
They are typically the following:
- Full name
- Date of birth
- Current and previous address
- Contact details
- Age and gender
- Tastes and habits
- Social Security Number
- Occupation and employment history
- Education
- Economic, social, and cultural information
- House price data
- Purchase history
- Financial information
- Web browsing history
- Family details
Different Types of Data Brokers
Data Brokers may have the same goal of collecting and selling your data, but they operate differently. There are four most common types of data brokers: marketing/advertising, people searching, financial information, and personal health.
1.Marketing and advertising data brokers
Marketing and advertising brokers are the most common types of data brokers. They have a better image of you that helps businesses target you as a consumer.
These data brokers obtain your age, location, educational level, income, buying habits, purchase history, internet activity, web history, and similar, helping to create your consumer profile.
These brokers are why you see suspiciously relevant Google or other ads for products you have researched or clicked on.
2. People searching websites
Data brokers of this type have a database of information about almost everyone globally. They collect your personal information from various sources, create specialized data reports, and sell it online.
Are you familiar with Pipl, BeenVerified, and Spokeo? These are three of the best people search sites out there. You can use them to search by names, addresses, phone numbers, and more.
3. Financial information (Fraud detection or Risk mitigation brokers)
Banks or credit card companies use data brokers specializing in fraud detection to detect fraudulent purchase patterns.
In contrast, risk mitigation data brokers are helpful with banks and loan firms in calibrating loan offers. Having determined your financial situation, they can assess if they will offer you high or low-interest loans.
Financial information data brokers sell your financial information, like credit scores and the likelihood of defaulting on loans. The big three (Experian, Equifax, and Transunion) national credit reporting agencies belong here.
4. Personal health data brokers
Health information brokers specialize in compiling sensitive information about your health or perceived health issues based on what you search for or buy online: symptoms, therapies, and over-the-counter drug purchases using a pharmacy’s loyalty card.
It also includes fitness/health tracking apps that derive your health information. Health insurance companies buy from these data brokers to determine the cost of insuring you.
How Do Data Brokers Sell Your Information?
Data brokers make money by selling your personal information collated into one package. It isn’t sold as individual bits but as part of a data ‘profile’ of a customer within a target market.
Data brokers use machine learning to identify patterns and dissect your information into audience segments.
Audience segmentation is a marketing strategy of dividing a broad audience into segments or groups with something common, like age and gender, to boost sales. For example, a college student dorm occupant in their late teen’s age has very different needs than a grandma looking to buy dinnerware to host a family.
Data brokers sort you into a category to sell with advertisers or other interested third parties.
Who are the Biggest Data Brokers in the market?
We have researched more than ten companies to come up with the best data brokering business options. Below are some of the biggest players in the data brokerage market.
Acxiom LLC
Acxiom is one of the largest data brokers in the world. It is a database marketing company with thousands of data attributes in more than 30 countries and over 50 years of service.
Acxiom sells information they gather on customers from various sources, anonymize it, and then sells it for target advertisements to marketing companies. They are headquartered in Conway, Arkansas, and operate around the United States, Europe, and Asia-Pacific.
Equifax Information Services LLC
Making 4.923 billion USD in 2021 is Equifax, another big name among data brokers. They collect consumer financial information that helps businesses advertise more effectively and create targeted marketing campaigns.
You may be familiar with Equifax as, besides being a data broker, it is one of the top three credit reporting agencies in the United States, alongside Experian and TransUnion.
Epsilon Data Management LLC
Epsilon Data Management is one of the best-rated in the U.S. It has insights into a massive database of 250 million U.S. consumers.
Epsilon collects demographic, consumer, browsing, and other forms of data. They also offer strategic consulting, marketing analytics, database, email and loyalty marketing technology, and more.
Protecting Your Data From Data Brokers
Data Brokers have lesser chances of accessing your data if you stop being vulnerable. You can achieve that personal security with a few tricks. Here are tips to limit the amount of your private information data brokers can access:
- Stop oversharing. Limit the information you share with suspicious websites or anywhere online. Try to read consent forms as much as possible and be more cautious when using free services.
- Make your social media accounts private. You can still enjoy social media but with tightened privacy to stop disclosing your data to data brokers.
- Use private search engines. Google is notorious for recording everything you do online; they share your search queries with third parties. Private browsing can be helpful for you.
- Use a Virtual Private Network (VPN). A good VPN has a dedication to privacy as it disguises your IP address and secures your data when you use the internet. About 43% of all VPN users use it for security reasons.
Opt-out. Opting out of data broker lists and data-sharing programs is free but time-consuming. If money is not an issue, you can do it faster with professional data removal services. Tools like Kanary and Incogni can find sites exposing your information and remove them for you.
The Bottom Line
You’re probably giving your data away without even realizing it. According to the cybersecurity firm Bitdefender, 60% of internet users have more than twelve data points publicly available.
But let’s also recognize that other broker companies carefully handle your data and ensure it is not misused. Some businesses have no malice in accessing your data—they simply want to introduce you to products you might like.
The Federal Trade Commission has already taken steps for Congress to step in and regulate the information data brokers are collecting. But while there’s yet a federal law on it, protecting your data is your responsibility.
Take proactive steps and exercise meaningful control over your information with our tips above. You can outsmart those data brokers!
