What Data Brokers Do: How They Collect & Sell Your Data

/ Blog / By

How Data Brokers Collect, Sell, and Profit From Your Personal Information

A hand reaching out from a portal to take a bag labeled “DATA” from a laptop, which shows a warning symbol, representing the risk of data theft or unauthorized data access

There’s an entire market built around your personal data, and most people have no idea it exists. Behind the websites you visit, the forms you fill out, and the apps you use, there’s a network of companies collecting, packaging, and selling your information every single day.

These companies are called data brokers, and they operate quietly but on a massive scale. You’ve likely never heard of most of them, but they know a lot about you, like where you live, what you buy, what you read, and even where you go.

In this guide, we’ll discuss what data brokers do, how they get your information, who buys it, and what it’s used for. You’ll also learn how to protect yourself, how to remove your information from broker sites, and what your legal rights look like depending on where you live.

What are Data Brokers?

A data broker is a company that collects, buys, and sells personal information without having a direct relationship with the people it profiles. 

These businesses don’t run social platforms, email services, or online stores. They sit in the background, quietly gathering information from different sources and turning it into detailed consumer profiles.

They go by different names:

☑️ Information brokers
 ☑️ People search sites
 ☑️ List brokers
 ☑️ Marketing data providers

What all of them have in common is this: they aggregate large amounts of data, clean it up, fill in the blanks, and then sell it to advertisers, insurers, political campaigns, retailers, and many others. 

They enrich that information using models and third-party sources to paint a more complete picture, like guessing your income level, job title, or family size based on your behaviors or purchase history.

What Do Data Brokers Do and Who Do They Sell To?

Hooded figure in dark clothing using a laptop, with floating dollar bills suggesting stolen data being turned into profit through cybercrime or data resale

Data brokers gather information from many different sources and turn it into structured data products that can be sold, licensed, or activated across platforms. 

Their main job is to collect, sort, label, and repackage personal data, and then sell it to businesses that want to target, verify, or better understand people like you.

They don’t all operate the same way. Some specialize in tracking buying habits, while others focus on location data or build profiles based on browsing behavior. 

Here’s a quick look at the main types of data broker businesses:

  • Marketing & ad-tech providers – Sell audience segments and behavioral lookalikes to advertisers for targeting
  • People search and background sites – Make your personal details searchable by anyone online
  • Risk, identity, and verification services – Support fraud scoring, credit risk, KYC, and onboarding checks
  • Location and mobility data firms – Collect movement patterns using apps, GPS signals, or ad bidstreams
  • Specialty brokers by industry – Work with auto, finance, health-adjacent, or retail data for niche campaigns

Who buys this information?

  • Brands that want to personalize ads or offers
  • Retailers trying to expand their reach
  • Political campaigns profiling voter behavior
  • Insurance and lending firms assessing risk
  • Marketplaces, publishers, and app developers
  • Private investigators and law enforcement (in some regions)

How Data Brokers Collect Your Information

Close-up of hands typing on a laptop with a digital overlay showing data risk alerts, representing exposure to data brokers or digital threats

Data brokers don’t rely on one source. They pull from dozens of places, some public, some commercial, and some buried deep in your everyday digital activity. Most of it happens quietly in the background, without you ever noticing. 

Bear in mind that, even if you don’t fill out a form or sign up for anything, your information can still end up in a broker’s system. Bits and pieces get pulled from different places, matched together, and sold as a single profile.

Here’s where your information comes from:

  • Public records – Property ownership, voter registrations, court filings, business licenses, and other records available through government databases
  • Commercial sources – Loyalty programs, online purchases, product registrations, survey forms, and even warranty cards
  • Digital exhaust – Ad trackers, cookies, mobile SDKs, browser fingerprinting, and marketing automation platforms that log clicks and actions
  • Data matching and enrichment – Email addresses, device IDs, IPs, and mobile ad IDs (MAIDs) are matched and linked to build full profiles
  • Web scraping – Public sites like social media, blogs, and forums can be scraped for names, interests, or job details
  • Inferred data – Some brokers tend to infer facts using models. You might be tagged with a likely income level or labeled as someone planning a move, based on your activity

What’s in a Consumer Profile?

A consumer profile is a digital file built around you. It combines details about who you are, what you do, where you go, and what you’re likely to buy. Data brokers create these profiles by pulling in real data from different sources, then adding predictions to fill in the gaps.

These files are sold or licensed to advertisers, insurance firms, political groups, and others who want to reach a specific audience or assess someone’s background. Most people have multiple profiles linked to them across different platforms, and they usually don’t know it.

Here’s the kind of information that often shows up:

  • Basic identifiers – Full name, home address, past addresses, phone numbers, email addresses
  • Demographics – Age, gender, marital status, education level, household size
  • Purchase history and interests – Shopping behavior, product categories, magazine subscriptions, loyalty card data
  • Location habits – Daily commute patterns, frequent locations, travel behaviors (when collected through apps)
  • Inferred traits – Estimated income bracket, homeowner status, political leanings, possible health interests, or major life events like a new baby or recent move

Not all of this information is accurate. Some of it is guessed, based on patterns or similarities to others in the same area or spending bracket. These inferences are often used to sort people into segments, even when the details aren’t confirmed.

That’s why errors in consumer profiles are common, and why they sometimes lead to unfair assumptions.

How Data Brokers Sell Your Information

Once data brokers build consumer profiles, they package and sell them in different formats depending on the buyer’s needs. This isn’t just about selling a spreadsheet. They offer full systems, live feeds, and targeted segments that plug into ad platforms and software tools.

Here’s what they sell:

  • Pre-built lists – These are collections of people grouped by traits like age, ZIP code, buying habits, or recent life events
  • Audience segments – Used in digital ads to reach groups with shared characteristics, like “new parents” or “home improvement shoppers”
  • Custom audiences – Tailored lists based on very specific criteria, often built for a brand’s campaign
  • Event streams – Real-time updates, like someone opening a credit card or moving house
  • Identity graphs – Match a person across devices, emails, and platforms to unify their online behavior
  • APIs – Software access that lets other businesses pull broker data directly into their tools

How much does it cost?

It depends on the data type, volume, and how fresh it is. Some pricing models are:

  • Per record – Pay for each individual profile
  • CPM – Cost per thousand impressions, usually for ad targeting
  • Per match – Fees for matching a client’s customer list to broker data
  • Subscription – Ongoing access via API or platform seat

Brokers also charge more for exclusive data, hard-to-get segments, or verticals like auto, finance, and health-adjacent data. The more recent and accurate the info, the higher the price.

Why Do Companies Sell Your Data?

Selling user data has become a business model. For many companies, it’s a way to turn everyday digital activity, like browsing, signing up, or buying something, into extra revenue. 

Some businesses exist only to collect and sell data. Others offer free tools or services, then make money on the back end by passing your info to third parties.

Here’s why it happens:

  • It offsets costs – Many apps and websites are “free” to use, but they still need to make money. Selling access to user data helps cover those costs.
  • It’s a second revenue stream – Publishers, retailers, and app developers often package user behavior and sell it to marketing partners or join retail media networks.
  • It powers ad targeting – The more a brand knows about its audience, the more precise its campaigns can be. That makes brokered data useful, even for companies that already have large customer lists.
  • It’s baked into data-sharing deals – Some companies share your data with partners through co-ops or clean rooms, where everyone benefits from pooled information.
  • It happens in gray zones – In some regions, companies don’t need clear consent to share or sell data. They bury it in terms of service or rely on claims like “legitimate interest” to keep operating.

Data Legality and Your Rights

Data laws vary depending on where you live, and so do your rights. Some regions give you more control than others, but even in the strictest areas, there are still loopholes that let data brokers operate.

Here’s a breakdown of what’s in place today:

In the EU and UK

The GDPR (and UK-GDPR) gives people clear rights over their personal data. You can:

  • Request access to what a company holds on you
  • Ask for your data to be corrected or deleted
  • Object to certain types of processing
  • Withdraw consent, even after giving it

Companies are expected to explain how they use your data and must get your clear permission in most cases.

In the U.S.

There’s no single federal law, but a few states have passed their own, like:

  • California (CCPA/CPRA) gives you the right to see, delete, and opt out of the sale or sharing of your data
  • Virginia, Colorado, Connecticut, Utah, and Oregon have similar rules, but with small differences
  • Many companies now include a “Do Not Sell or Share My Info” link in response to these laws

     

One key difference: U.S. laws often focus on data collected directly from you, not what brokers pull from public sources or inferred data.

Other Countries

Brazil’s LGPD and similar laws in other countries give users the right to see and delete personal data. Enforcement varies, and in many regions, rules are still evolving.

Limits to What You Can Do

Even with strong laws, there are still areas companies can work around:

  • Public records are usually exempt
  • Inferred data (like income range or interests) doesn’t always fall under deletion rights
  • Third-party sources make it hard to track where your data came from

Real-World Risks

Most people think data brokers are just annoying. But the truth is, the risks go way beyond spam emails or junk mail. Once your information is out there, you lose control over who sees it and how it’s used. And the problem is, it’s nearly impossible to pull it back.

Here’s what can happen:

Annoyance – Expect more unsolicited calls, endless email offers, and oddly specific ads that follow you around. Companies use broker data to build ad campaigns, cold call lists, and email blasts.
Privacy exposure – People search sites can make your phone number, home address, family ties, and past locations searchable online. That info can be misused for stalking, doxxing, or harassment.
Financial risk – When identity thieves get access to data from broker leaks or breaches, they can open accounts, file taxes, or commit fraud in your name.
Bias in pricing and offers – Some data is used to assign people into risk or value groups. That can impact what you pay for insurance, loans, or subscriptions, even if the data behind it isn’t accurate.
Security fallout – Brokers don’t always follow the same protections as banks or hospitals. If they get hacked, the fallout can hit hard, especially if their data is tied to other platforms.

How to Take Control (Consumer Playbook)

You can’t stop data brokers entirely, but you can make it harder for your information to spread. The goal is to reduce the amount of your info floating around and how often it gets reused.

Here’s how to get started:

One-Time Cleanup

Remove yourself from major people-search sites: Start with the biggest ones like Whitepages, Spokeo, Intelius, and MyLife. Each has its own opt-out process, and some make it intentionally frustrating. You’ll usually need to confirm your identity and wait a few days.

Use a separate email and phone number for opt-outs: Create a dedicated inbox and Google Voice number. This helps you track responses and shields your real contact info from even more lists.

Regular Data Cleanup

Set a quarterly reminder to recheck major sites: Data often reappears, especially if it’s being re-scraped or bought from new sources. Staying consistent is the only way to keep it down.

Opt out at the source: Review your loyalty program settings, unsubscribe from unnecessary newsletters, and turn off consent for behavioral tracking on publisher sites. Some sites now offer consent tools; use them.

Limit tracking across apps and browsers: Use tracker blockers, private browsing, masked emails, and tools like iCloud Private Relay or Firefox Relay. Reset your mobile ad ID regularly in your phone’s privacy settings.

Watch what you share online: Avoid quizzes, “about me” posts, or oversharing on forums and social media. These often get scraped and sold. Even public likes and follows can feed into broker profiles.

Protect your identity details: Freeze your credit, enable fraud alerts, use two-factor authentication, and consider masked cards or passkeys for purchases.

💡 Tip: The more layers of security you add, the less useful your data becomes to brokers.

For Businesses: Ethical Data Use & Risk Reduction

If you collect data, store it, or share it, you have a responsibility. Using personal information comes with real risk, and how you handle that info says a lot about your brand. The aim is to use it with clarity, limits, and respect.

Here’s what you can do: 

  • Vet your data vendors: Ask where the data comes from, how consent was collected, and what categories are included. If it’s vague, skip it.
  • Collect only what you actually need: Avoid overreaching. Stick to the data points that support your business goals and stop collecting the rest.
  • Set limits on how long you keep data: Build retention policies into your systems. Don’t hold on to user data longer than you need to.
  • Use suppression lists and block sensitive segments: Avoid targeting based on things like health, hardship, or trauma, even if the data is available.
  • Know the rules by region: If you operate in multiple states or countries, follow the strictest law you’re subject to. It’s the safest route.
  • Map your data flows: Keep track of where data lives, who has access, and what’s being done with it. You can’t control what you don’t monitor.
  • Build value without crossing lines: Use surveys, first-party data, and contextual signals to create relevance without getting too personal.

Secure Your Company Now

What Most People Get Wrong About Data Brokers

A lot of assumptions about data brokers sound true on the surface, but fall apart once you dig deeper. Here are some of the most common myths and the reality behind them:

“I never agreed to this”: In most cases, you did; buried inside terms of service, cookie pop-ups, or app permissions. The consent may not feel meaningful, but it’s often there.

“Deleting social media solves the problem”: Social accounts are just one piece. Brokers buy from public records, loyalty programs, retailers, and third-party partners, so your data can live on even after you delete accounts.

“The data they have on me is accurate”: Not always. Brokers rely heavily on predictions, lookalikes, and inferred traits. That means your profile may include wrong details about your income, health, or interests.

“If I opt out once, I’m safe”: Opt-outs often expire, and data can be re-added from new sources. Staying off broker lists takes ongoing effort, not a one-time fix.

In Summary

You can’t stop data brokers from existing, but you can make it harder for them to keep tracking you. The more you understand how they operate, and how your information is collected, bundled, and sold, the easier it is to make smarter choices.

Opting out, cleaning up your data, and locking down your digital habits won’t solve everything, but they’re solid steps in the right direction.

To help you identify where your personal data is exposed, reach out to VanishID  a demo or free risk analysis to see how exposed your digital footprint may be and how we can help you reduce it.

Frequently Asked Questions

What are data broker sites?

These are websites that make brokered data visible to the public, often in the form of people-search tools. Examples include Whitepages, Spokeo, and Intelius. They often let anyone look up names, addresses, phone numbers, and more.

Why do companies sell your data?

For many businesses, selling data is an easy revenue stream. Free apps, publishers, and retailers pass along user information to offset costs, fund operations, or power ad targeting.

Are companies selling personal data legally allowed to do so?

It depends on where you live. In the EU and UK, strict laws like GDPR require consent and allow deletion requests. In the U.S., only some states have laws giving you rights to see and opt out of data sales. In many regions, selling personal data is still legal.

How do I find and remove my data from broker sites?

Start with the major people-search portals. Most have opt-out forms, though the process can be slow and confusing. Services also exist that handle bulk removals, but you can do it yourself if you’re patient. Creating a dedicated opt-out email helps you manage the requests.

Can I stop data collection entirely?

No. Some information, like property records or court filings, will always be public. But you can reduce the amount of data shared by limiting online tracking, cutting down on loyalty programs, and regularly opting out of broker sites.

Do VPNs or ad blockers stop data brokers?

They can help reduce tracking, but they don’t solve the problem. A VPN hides your IP address, and blockers cut down on online trackers. However, brokers also pull from offline sources like credit applications, purchase histories, and public records.

What’s the difference between selling and sharing my data?

“Selling” usually means a broker or business exchanges your data for money. “Sharing” can mean giving access to partners or affiliates for free or as part of a bigger deal. Some laws, like California’s CPRA, regulate both.

Andrew Clark

Head of Growth Marketing, VanishID

Andrew is a digital marketing strategist specializing in demand generation and customer acquisition for B2B SaaS and cybersecurity companies. He focuses on understanding customer pain points in executive protection and digital footprint management. Prior to VanishID, Andrew led digital marketing at various startups and enterprises, building full-funnel campaigns and launching websites across cybersecurity, cloud simulation, and healthcare sectors. He holds a BA in Communication and Minor in Psychology from the University of Minnesota Duluth.

All Posts
Scroll to Top