California Civil Code § 1798.99.80 defines a data broker as a company that collects and sells people’s personal information to third parties.
Data brokers vary in the type of data that they collect. They collect information from the Internet, social media, banks, etc. The collected data are sold to third-party companies for market research or statistics.
Read on to know more about data brokers—-what they do, how they collect data, and why you should get your information off their databases.
🔑 Key Takeaways
- Data brokers collect personal information and sell it to third parties.
- They gather data from banks, cookies, public records, and more. The data are sold to offer insights on shopping habits and online behavior.
- Data brokerage lacks federal regulation in the US, with laws primarily enforced at the state level. Meanwhile, the EU’s GDPR prioritizes user consent and data privacy.
- Despite legality, data brokers face security vulnerabilities. This elicits users to opt out in order to safeguard their personal information.
How Data Brokers Work
Data brokers gather vast amounts of personal data online. Typically, they collect information that can be easily tied to an individual. These can be names, phone numbers, birthdates, email addresses, and more.
However, data brokers can also get information on anyone’s cart items, social media accounts, and criminal records.
Other information they collect are:
- Financial information or credit history
- Credit score and income
- Employment history
- Online activities
- Shopping history or purchasing habits
- Public Records
With these data points, they create target market profiles using and organizing the collected data in a way that makes sense for marketers.
How Do Data Brokers Collect Information?
Data brokers collect and gather data from any data point—whether online or offline. Depending on the market need, they also get data from paid or free sources.
Some data brokers even pay extra for sensitive data such as financial status and online behaviors.
Here are the core ways data brokers get your information:
- Credit cards
Credit cards from banks contain private information, which they store in their systems. Banks often sell consumer information from their system to data brokers.
Apparently, this is not illegal under the Gramm-Leach-Bliley Act as long as “limitations on disclosure of personal information” are complied.
Information like shopping history is anonymized. Only the behavior or activity from the credit card is collected and sold to data brokers.
💡 Did you know? Mastercard made over $4.1 billion in 2019 from selling credit card information alone. |
- Behavioral tracking
Behavioral tracking includes monitoring user activities—like how long you lingered on a page or what sites you clicked. The activities made are saved as internet cookies.
Like the photo above, websites often ask visitors to “Accept” cookies for viewers to have a better website experience.
Although these help consumers view the webpage better, cookies contain relevant information about your online activity. Data brokers usually buy cookies from particular websites.
🎉 Fun Fact An internet user generates about 1.7 MB of data per second. These are from website cookies, social media, and web activity. |
- Public Records
Most public records, like voter registrations, census data, and more, can be accessed upon anyone’s request. This includes data brokers.
They obtain personal data from scouring public records. It is not considered illegal since the information is “public.”
This lets them obtain millions of personal data through simple requests and formal access without breaking regulations.
However, this technicality does not apply to sealed documents.
- Loyalty Cards
Target Circle is here—and your Target Run is about to be even more rewarding! Get the details and join our new, totally free loyalty program: https://t.co/KQ4gJEfMqF. (That’s right—no membership fees here!) pic.twitter.com/tOVLceDTK7
— Target News (@TargetNews) October 7, 2019
Never underestimate loyalty cards and programs. They are another way data brokers keep tabs on your shopping preferences.
Companies that offer loyalty programs store information such as names, addresses, and birthdates. Some also include transaction histories, like when or where the consumer used a loyalty card.
Data brokers gather this information to create data and sell it to different companies, mainly to those that focus on marketing and retail.
- Mobile applications
Free apps are never FREE. They usually sell users’ data like birthdays, ages, or locations, then charge companies for the advertisements.
Targeted ads drive marketing today and allow users to see ads personalized to their tastes. Data from ads are also helpful to companies that focus on ad marketing.
💡 Did you know? There are more than 3.5 million apps in the Google Play Store. 70% of the apps are free, but they generate 98% of Google Play’s revenue. If you’re wondering how Google generates revenue from all those free apps, the answer is simple: advertising. Targeted and monetized ads are shown to users. |
- Social media
Around 60% of the world’s population use social media as of 2023. An average person spends 2.5 hours on different platforms—to post, comment, like, chat, and more.
People do and share many things on social media, making it rich in information about anyone. This is why most data brokers go to different social media sites to obtain data.
Some data brokers use data scraping. They scrape social media sites to collect public data points from public profiles.
This technique is against most social media’s terms of use. However, since information on the platforms is often shared publicly, some say it is not exactly illegal.
The Legality of Data Brokers
Data brokerage is unregulated on a federal level, and no laws against businesses that profit from data collection exist.
As long as data brokers obtain data from public information, no law is broken. Laws on data brokerage are highly sectoral.
An example of this is the Fair Credit Reporting Act. The FCRA is specific only to protecting individuals from unfair credit reporting.
Through the FCRA, consumers can question inaccurate details on their credit reports and seek damages if their rights are violated.
Also, laws in the US are enforced at state levels rather than national ones. Take California and Vermont as examples.
Data brokers within these states must register with the Attorney General’s office annually to continue their operations.
On the other hand, the European Union has the General Data Protection Regulation (GDPR), which upholds data privacy and security.
The regulation states that users must consent before sites can collect their data. This gives individuals more control over their personal data.
⌛️ In a Nutshell Data brokerage in the US lacks federal regulation. FCRA addresses some aspects, but states must independently enforce laws. In contrast, the EU’s GDPR mandates user consent before data collection, strengthening individuals’ control over personal information. |
Who Buys from Data Brokers?
After collecting, sorting, and filling data into usable format, data brokers will sell these to companies that may need it.
Companies that usually buy information from data brokers are:
- Advertisers
- Financial institutions
- Insurance companies
- Marketing agencies
- Government offices
- Political consultants
These enterprises will use the data to gain insights into consumer activities, research the latest trends, create statistics, or improve their platforms and services.
How to Remove Your Information From Data Brokers?
Even though data brokers are technically legal, the purpose of their operations still includes personal information, which should be treated with confidentiality.
Data brokers are also vulnerable to breaches due to the massive amount of data they hold. This only tempts cyberattackers to steal and sell information to the dark web.
🎉 Fun Fact Did you know 210 million American records are vulnerable to data broker hacking? 23 out of 506 data brokers under surveillance suffered data breaches. |
If you want to safeguard your data from data brokers and the Internet, opting out is one of the best methods.
Opt out manually from data brokers
Before removing your, determine which company stores your data. Once you know, request a data removal by contacting the data broker.
The steps below used Acxiom’s method of data removal requests. Check it out.
1. Go to Acxiom’s homepage.
2. Scroll down to the end of the page. Click Do Not Sell My Personal Information.
3. The US Consumer Opt-Out guide page will appear. Read through the critical points.
At the bottom of the page, you’ll find the opt-out form.
4. Fill up the opt-out form entirely and click Submit.
5. Provide your email address, do the reCAPTCHA, and click Submit.
6. Open your email to view the verification email sent by Acxiom and click on the provided link.
7. Click the checkbox beside reCAPTCHA and hit Submit.
Once you submit your request, all you have to do is wait a maximum of two weeks before Acxiom successfully fulfills your request.
👍 Helpful Article The opt-out process may vary depending on the data broker and the type of data. Discover how you can remove your information from a data broker like Instant Checkmate by checking out this guide. |
Largest Data Brokers
There are 506 data brokers in the US, but only a few are known. The following data brokers are some of the prominent players in the field of data brokerage.
1. Acxiom
The Acxiom Corporation is dubbed the quiet giant of American database marketing. The corporation employs over 2,000 employees, serving millions of data consumers worldwide.
Acxiom’s servers also process over 50 trillion data transactions annually. Their vast databases store information from 500 million active consumers worldwide; most are from the US.
2. Experian
Experian is an American-Irish-owned information services company recognized for providing data and analytical tools to manage credit risk, fraud, etc.
The company gathers and aggregates information on over 1 billion people and businesses worldwide. Experian also employs over 20,600 people to run their databases.
3. Epsilon Data Management
Epsilon Data Management LLC offers marketing and data services, such as marketing analytics, storing propriety data, email marketing, predictive modeling, digital marketing, and more.
They are based in Irving, Texas, but offer access to information of over 200 million unique individuals.
4. Oracle America, Inc.
Oracle America, Inc., is a corporation that manufactures and markets network computing infrastructure solutions.
They are known for their database software, microprocessors, and developer software. The company also serves more than 420,000 customers across 175 countries.
5. CoreLogic
CoreLogic provides intelligence and data for the real estate, mortgage, and insurance industries. They cover 99% of data on US properties, making them a popular data resource for landlords and real estate agencies.
As of 2020, CoreLogic employs over 5,300 employees and has a revenue of $1.6 billion.
6. Nielsen
Nielsen is an established leader in market research and ratings by providing insights into consumer information and behavior over media.
They also pioneered audience rating systems for TV, music, radio, and magazines worldwide.
7. Equifax
Equifax is one of the oldest data brokers in America, established in Georgia. Their operations focus on credit references of consumers.
In the 70s, the company was criticized for a false perception that it sold data regarding sexual orientation. Despite this, Equifax holds over 800 million individual data, with revenue skyrocketing to $3.1 billion.
8. Verisk
Like Equifax, Verisk handles key financial data, like risk management, insurance, and financial services.
In the Q1 of 2023, the company earned $651.6 million in revenue. Their total revenue comes from umbrella companies such as Maplecroft and Air Worldwide.
9. LexisNexis
LexisNexis holds the largest databases of the world’s legal and public records.
The company has 1,800 technologists who handle and maintain over 144 billion legal documents and records from 39,000 premium resources.
Their collective data storage is 2.5 petabytes, 150x the size of Wikipedia.
10. Aristotle
Aristotle is a political data management company focusing on voter data for political campaigns and organizations.
Since 1983, the company has been the leading choice of political data brokerage for every US president, from Ronald Reagan to Barack Obama.
Conclusion
Users share data on the Internet—whether deliberately or unconsciously. This potentially exposes personal information to data brokers. They then sell the information to third-party companies.
Experts also say that internet devices are now trackers for data brokers. However, federal laws have yet to be made regarding data protection.
Knowing how data brokers work is vital in understanding what, why, and how your personal data on the Internet are gathered and used. This can also help you set up safety measures to safeguard your online privacy.
FAQs
Is Facebook a data broker?
No. Facebook is a social networking site. It is not a data broker on paper, but unconfirmed reports claim that Facebook sells data to developers.
How much do data brokers make?
The latest reported average hourly rate of data brokers in the US is $34.86.
How big is the data broker industry?
In 2022, the data broker industry was worth $247.4 billion. It’s projected to be worth $407.5 billion by 2028.
Timeline Of The Article
By Harsha Kiran
Harsha Kiran is the founder and innovator of Techjury.net. He started it as a personal passion project in 2019 to share expertise in internet marketing and experiences with gadgets and it soon turned into a full-scale tech blog with specialization in security, privacy, web dev, and cloud computing.