Data brokers are companies that collect, aggregate, package, and sell personal information about individuals to third parties—often without the knowledge or meaningful consent of the people whose data they trade. The data broker industry is worth an estimated $260 billion globally, with more than 4,000 data broker companies operating worldwide. The average data broker profile contains up to 1,500 individual data points per person, encompassing everything from your home address and income level to your health concerns and political leanings. Understanding how data brokers operate is the first step toward regaining control of your personal information.
What Are Data Brokers and What Do They Do?
Data brokers are businesses whose primary activity is collecting personal information from a wide variety of sources and selling it to other companies, governments, or individuals. They operate largely behind the scenes—most people have never heard of the companies that hold the most detailed profiles about them. Data brokers aggregate information from public records, social media, purchase histories, loyalty programs, website cookies, mobile apps, and even offline sources like voter registration files and property records.
The business model is straightforward: acquire data cheaply (or for free), combine it into detailed consumer profiles, and sell access to those profiles at a markup. Some brokers sell raw data in bulk. Others offer "people search" services where anyone can look up an individual's address, phone number, relatives, and more for a small fee. Still others provide audience segments to advertisers—grouping millions of people into targetable categories like "expectant parents," "diabetes sufferers," or "financially vulnerable."
According to a report by the Vermont Attorney General's office—one of the few states requiring data broker registration—there are over 480 registered data brokers in Vermont alone, and the actual global number far exceeds 4,000 when counting companies that broker data as a secondary business function.
What Types of Data Do Brokers Collect and Sell?
The breadth of data collected by brokers is staggering. A single consumer profile may contain over 1,500 individual data points, spanning virtually every dimension of a person's life. Demographic data includes age, gender, ethnicity, marital status, education level, household size, and income estimates. Behavioral data covers browsing history, purchase patterns, app usage, travel habits, and media consumption. Financial data encompasses credit score ranges, loan histories, investment activity, and bankruptcy records.
Location data is increasingly valuable—data brokers purchase GPS-level location histories from mobile apps, allowing them to track where you live, work, shop, worship, and seek medical care. According to a 2024 investigation by The Markup, one data broker offered location data precise enough to track individuals to specific rooms within buildings. Health-adjacent data—while brokers are careful not to technically sell "medical records"—includes pharmacy purchases, fitness app data, searches for health conditions, and visits to medical facilities inferred from location data.
Purchase history data reveals what you buy, when, how often, and at what price point. Loyalty card programs, credit card transaction data, and e-commerce tracking all feed into broker profiles. Political and social data includes voter registration, party affiliation, donation history, petition signatures, and social media activity. The sum of these data points creates what the industry calls a "360-degree consumer view"—a comprehensive digital portrait that can be used for targeting, scoring, or surveillance.
Who Are the Biggest Data Brokers?
The data brokerage industry is dominated by a handful of massive companies, most of which operate with little public visibility. Acxiom (now part of IPG) is one of the oldest and largest data brokers, maintaining profiles on over 2.5 billion consumers worldwide. Acxiom categorizes people into over 70 lifestyle segments and provides data to major advertisers, financial institutions, and government agencies.
Epsilon (acquired by Publicis Groupe for $4.4 billion in 2019) processes over 8 billion transactions per year and maintains marketing profiles on virtually every US household. Experian, best known as a credit bureau, is also one of the world's largest data brokers, selling marketing data and audience segments alongside credit reports. Oracle Data Cloud (formerly BlueKai and Datalogix) built one of the largest third-party data marketplaces before Oracle shut down its ad tech division in 2024 amid privacy concerns and regulatory pressure.
LexisNexis Risk Solutions maintains one of the most comprehensive people databases in existence, used by law enforcement, insurance companies, debt collectors, and background check services. CoreLogic specializes in property and real estate data, maintaining records on over 99% of US properties. These companies collectively hold data on billions of people, yet most consumers have never heard of them and have no idea how much information these companies possess.
How Do Data Brokers Connect to Digital Advertising?
Data brokers are the hidden engine powering the programmatic advertising ecosystem. When an advertiser wants to target "high-income parents interested in luxury travel," they don't build that audience themselves—they purchase it from a data broker. The broker's audience segment is then loaded into a demand-side platform (DSP), which uses it to bid on ad impressions matching that profile in real-time auctions.
The advertising supply chain involves an astonishing number of intermediaries. According to research by the ISBA (Incorporated Society of British Advertisers), a single ad impression may pass through more than 70 intermediaries between the advertiser and the publisher. Data brokers sit at multiple points in this chain—providing targeting data to DSPs, enrichment data to data management platforms (DMPs), and measurement data to attribution vendors.
Real-time bidding (RTB) amplifies the privacy problem exponentially. Every time you visit a webpage with programmatic ads, your data is broadcast to hundreds of potential bidders in a bid request. The Irish Council for Civil Liberties found that RTB broadcasts user data approximately 178 trillion times per year in the US and Europe combined. This means data brokers aren't just selling your data once—they're enabling it to be broadcast thousands of times per day to companies you've never heard of.
Traditional Ad Targeting (via Data Brokers) vs. On-Device Ad Matching
| Feature | Data Broker Model | On-Device Model |
|---|---|---|
| Data collection | Extensive: 1,500+ data points harvested from multiple sources without meaningful consent | Minimal: user declares interests voluntarily during onboarding |
| User consent | Buried in dense privacy policies; most users unaware | Explicit opt-in; users choose categories and control preferences |
| Data storage | Centralized servers controlled by brokers; vulnerable to breaches | On-device only; no personal data stored on external servers |
| Profile detail | Up to 1,500 data points per person including sensitive categories | User-declared interest categories; no sensitive personal data |
| Privacy risk | Extreme: data sold, shared, leaked, and broadcast via RTB | Near zero: data never leaves the user's device |
| Regulation compliance | Complex and often insufficient; frequent GDPR/CCPA violations | Privacy-by-design; minimal data processing means minimal compliance burden |
| User compensation | $0—users' data is extracted and sold without any return | Users earn rewards for every verified ad engagement |
| Transparency | Opaque: most consumers don't know brokers exist or hold their data | Fully transparent: users see exactly what data is used and how |
How Can You Remove Yourself from Data Brokers?
Removing yourself from data brokers is possible but frustratingly difficult—a process privacy advocates describe as "whack-a-mole." Each data broker has its own opt-out procedure, and there are thousands of brokers to contend with. The typical process involves visiting each broker's website, finding their opt-out or data deletion page (often buried in fine print), submitting a removal request with identity verification, and then waiting weeks or months for processing. Even after removal, many brokers re-acquire your data from other sources within months.
Privacy laws provide some leverage. Under the CCPA (California Consumer Privacy Act), California residents have the right to demand data deletion from any company holding their data. The GDPR provides similar "right to erasure" protections for EU residents. However, enforcement is inconsistent, and most brokers comply slowly if at all. A 2024 Consumer Reports study found that only 35% of data deletion requests were fully honored within the legally required timeframe.
Services like DeleteMe, Privacy Duck, and Kanary automate the opt-out process, submitting removal requests to dozens of brokers on your behalf. These services typically cost $100-200 per year and require ongoing subscriptions because brokers continuously re-collect data. While helpful, they address the symptom rather than the cause—the fundamental business model of collecting and selling personal data without meaningful consent remains intact.
How Adreva Eliminates the Data Broker Problem
Adreva takes a fundamentally different approach to the data broker problem: rather than trying to remove your data after it's been collected, Adreva ensures your data is never collected in the first place. With on-device ad matching, ad selection happens entirely within your browser. No personal data is transmitted to external servers, no profiles are built by third parties, and no intermediaries ever see your browsing behavior or interests.
This approach embodies privacy by design rather than privacy by policy. Data brokers exist because the traditional advertising model requires centralized data collection—someone has to aggregate user profiles for targeting to work. Adreva eliminates this requirement entirely by bringing the ads to the user's device and letting the matching happen locally. The result is relevant advertising without surveillance, compensation without exploitation, and privacy without compromise. In a world where 4,000+ data brokers trade in your personal information, the most powerful protection is an architecture where there's simply no data to broker.
Frequently Asked Questions
How many data brokers have my information?
If you are an adult living in the US, your information is held by hundreds—possibly thousands—of data brokers. Research by Cracked Labs and Privacy Rights Clearinghouse estimates that the average American's data is maintained by 2,500 to 4,000 different companies in the data broker ecosystem. Even if you've never interacted with these companies directly, they acquire your data through public records, purchase history sharing, app SDKs, and other indirect channels.
Is selling personal data legal?
In most jurisdictions, yes—selling personal data is legal, though increasingly regulated. The United States has no comprehensive federal privacy law governing data brokers. California's CCPA and Virginia's VCDPA give residents some rights over their data, but enforcement is limited. The EU's GDPR requires explicit consent for data processing, making many US-style data brokerage practices technically illegal in Europe. Vermont, California, Texas, and Oregon have enacted data broker registration laws, but registration doesn't prohibit the practice.
How do data brokers get my information?
Data brokers collect information from a vast array of sources: public records (voter registration, property deeds, court records), commercial sources (loyalty programs, purchase histories, credit card transactions), online activity (cookies, tracking pixels, app SDKs, social media), and offline sources (surveys, warranty cards, magazine subscriptions). Many mobile apps sell user data to brokers through embedded software development kits (SDKs). A Wall Street Journal investigation found that the average smartphone has 6 SDKs sharing data with third parties.
Can I sue a data broker for selling my data?
It depends on your jurisdiction and the circumstances. Under the CCPA, California residents can sue for statutory damages of $100-$750 per violation in cases of data breaches. The GDPR allows individuals to seek compensation for material or non-material damage from unlawful data processing. However, most data brokerage activity—while ethically questionable—is technically legal under current US law. Class action lawsuits against data brokers are increasing, but individual lawsuits remain difficult and expensive to pursue.
What's the difference between a data broker and an ad network?
A data broker collects and sells personal information as its primary business. An ad network connects advertisers with publishers to display ads. However, the line between them has blurred significantly. Many ad networks operate data brokerage divisions, and many data brokers sell directly into advertising ecosystems. Companies like Oracle (before exiting ad tech) and Google operate in both spaces simultaneously. The key difference is that data brokers focus on the data itself, while ad networks focus on delivering ads—though both profit from personal information.