What Are Data Brokers? The Complete 2026 Guide
If you have ever Googled your own name and found your home address, phone number, or family members listed on a website you have never visited, you have already encountered the work of a data broker. These companies operate one of the largest and least understood industries on the internet, and in 2026, they hold detailed profiles on an estimated 99% of American adults.
This guide explains what data brokers are, how they collect your information, the different types that exist, the privacy risks they create, and what you can do to protect yourself.
What is a data broker?
A data broker is a company that collects personal information about individuals from public and private sources, aggregates it into profiles, and sells or licenses that data to third parties. Data brokers are sometimes called information brokers, data aggregators, or people-search sites.
The key distinction is that data brokers do not have a direct relationship with the people whose data they collect. Unlike a company you have signed up for, a data broker acquires your information without you being a customer — and often without your knowledge or meaningful consent.
According to the Privacy Rights Clearinghouse, there are over 4,000 data broker companies operating in the United States alone. The global data broker industry was valued at approximately $350 billion in 2025, according to industry research from Grand View Research.
How do data brokers collect your data?
Data brokers use a wide range of sources to build their profiles. Understanding these sources helps explain why opting out of a single broker rarely solves the problem — the same data flows back in from other channels.
Public records
Government records are a primary source: voter registration databases, property records, court filings, marriage and divorce records, birth and death records, business registrations, and professional license databases. These records are legally public in most jurisdictions, making them freely available for aggregation.
Online activity
Web browsing behavior, social media profiles, forum posts, product reviews, and app usage data are collected through tracking cookies, pixels, SDKs embedded in mobile apps, and data-sharing agreements between companies.
Commercial transactions
Loyalty programs, purchase histories, warranty registrations, subscription services, and credit applications all generate data that can flow to brokers through business partnerships and data cooperatives.
Other data brokers
Brokers buy from and sell to each other. A single data point about you — say, a new phone number — can propagate across dozens of broker databases within weeks. This interconnection is why removal from one broker is rarely sufficient.
Types of data brokers
Not all data brokers operate the same way. The industry can be broadly categorized into four types.
People-search sites
These are the most visible type. Sites like Spokeo, BeenVerified, Whitepages, TruePeopleSearch, and FastPeopleSearch allow anyone to look up individuals by name, phone number, or address. They display personal details publicly or behind a paywall. There are over 200 major people-search sites operating in the United States.
These are the brokers most likely to expose you to stalking, harassment, doxxing, and social engineering attacks — because the data is accessible to anyone willing to search for it.
Marketing data brokers
Companies like Acxiom (now Liveramp), Oracle Data Cloud, and Epsilon collect and sell consumer data to advertisers. They categorize people into segments based on demographics, purchase behavior, interests, income, and health indicators. Their customers are brands and agencies that use this data for targeted advertising.
Risk mitigation and background check brokers
Companies like LexisNexis, Equifax, and TransUnion (operating beyond their credit bureau roles) sell data used for employment background checks, tenant screening, insurance underwriting, and fraud detection. Data accuracy issues with these brokers can directly affect your ability to get a job, rent an apartment, or obtain insurance.
Health and financial data brokers
Some brokers specialize in health-related data (prescription histories, condition indicators, insurance claims) or financial data (income estimates, credit behavior, investment activity). This data is particularly sensitive and, in some cases, subject to additional regulation under HIPAA or FCRA.
What are the privacy risks?
The risks created by the data broker industry extend beyond abstract concerns about privacy. They are concrete and measurable.
Identity theft and fraud. Aggregated personal data — full names, dates of birth, addresses, phone numbers, and family connections — provides the raw material for identity theft. The FTC received 1.4 million identity theft reports in 2024.
Stalking and harassment. People-search sites are regularly cited in stalking cases. A 2023 study by the Cyber Civil Rights Initiative found that 60% of stalking victims reported their stalker used online people-search tools to locate them.
Discrimination. Data used in hiring, housing, and lending decisions can encode biases. When a background check broker reports inaccurate criminal records — a well-documented problem — it can cost people jobs and housing.
Manipulation. Marketing profiles enable micro-targeted campaigns that exploit personal vulnerabilities — financial stress, health conditions, political leanings — in ways that most people would find objectionable if they understood the targeting.
Data breaches. Brokers are high-value targets for hackers because they concentrate data on millions of people. The 2023 breach of a major background check company exposed records on 2.9 billion individuals.
The legal landscape in 2026
Privacy regulation is evolving rapidly, though it remains fragmented.
California leads with the CCPA/CPRA and the California Delete Act (SB-362), which requires data brokers to register with the state and, starting in 2026, to honor deletion requests submitted through a centralized system. Vermont, Texas, and Oregon have also enacted data broker registration laws.
State privacy laws in 19+ states now provide residents with the right to request deletion of personal data, though enforcement varies and each state has different rules.
Federal legislation remains absent in the United States. There is no comprehensive federal privacy law, meaning protections depend on where you live and which brokers cooperate.
The EU's GDPR provides stronger protections for European residents, requiring explicit consent for data processing and enabling deletion requests (the "right to be forgotten"). However, many US-based brokers do not comply with GDPR for US-based data subjects.
How to protect yourself from data brokers
There are two broad approaches: manual removal and automated services.
Manual removal (DIY)
You can opt out of data brokers individually. Each broker has its own process — some use web forms, others require email, postal mail, or even faxed requests. For people-search sites alone, you would need to submit opt-out requests to 200+ individual sites. Each request takes 5-30 minutes, and many brokers re-add your data within months from ongoing collection.
Realistic time estimate: 100-300 hours for initial opt-outs across major brokers, with ongoing maintenance required every 60-90 days.
Automated removal services
Services like Locko.AI automate the process. The approach typically involves scanning broker databases to find where you are listed, submitting removal requests on your behalf, and monitoring for data reappearance. Automation makes it practical to cover hundreds of brokers without the manual time investment.
When evaluating any removal service, look for transparency about which brokers are covered, verification that removals actually happened, and ongoing monitoring — not just a one-time submission.
Preventive measures
Beyond removal, you can reduce new data collection by using a VPN, limiting social media sharing, opting out of loyalty programs, using masked email addresses and phone numbers, and regularly reviewing app permissions.
Frequently asked questions
Is what data brokers do legal?
In most of the United States, yes. Data brokerage is legal because much of the information comes from public records or is collected under broad terms-of-service agreements. However, the legal landscape is shifting — California's Delete Act and similar laws in other states are imposing new obligations on brokers, including mandatory registration and deletion compliance.
How many data brokers have my information?
According to research by the Privacy Rights Clearinghouse, the average American adult appears in the databases of 100-200 data brokers. Locko.AI scans over 700 broker sites, and most users are found on dozens of them.
Can I opt out of data brokers for free?
Yes, every broker is required to have a free opt-out process. The challenge is scale — doing it yourself across hundreds of brokers takes hundreds of hours, and many brokers re-list your data within months. Free tools like the California Delete Act's centralized system (launching in 2026) will help but cover only brokers registered in California.
Want to see which data brokers have your personal information right now? Locko.AI scans 700+ broker databases and shows you exactly where you are exposed — with evidence.
Take back control of your data
Take the privacy risk assessment to see which brokers have your personal information — then let Locko handle the removals automatically.