Well, what are data brokers? They know your phone number, political affiliations, and dating preferences. They also know when you move houses, start a new job, and get a divorce. No, we’re not talking about your immediate family and closest friends. We’re talking about data brokers — companies that sell your personal information to complete strangers.
According to estimates from a few years ago, there are at least 4,000 data brokers in the world. In 2012, Acxiom, one of the largest data brokers out there, had information on almost 200 million individuals and over 120 million households in the U.S. These numbers have undoubtedly increased since.
If you’re not worried yet, consider this: an average data broker possesses about 1,500 data points about a single individual. Acquiring this information couldn’t be simpler. In 2017, researcher Joanna Moll bought 1 million online dating profiles for less than $150 from the data broker USDate. The profiles included almost 5 million photos and personal information like email addresses, usernames, sexual orientation, physical characteristics, and even personality traits. Speaking to the Financial Times, Moll said that the whole process “was like buying a T-shirt on Amazon, and you can buy it anywhere in the world.”
The good news is that many data brokers give you the option to opt-out of their databases, and we discuss the exact processes for doing that below. But first, what exactly are data brokers, where do they get your data, and what do they know about you? Perhaps most importantly, are they even legal? Read on to find out.
What are Data Brokers?
Data brokers are companies that collect personally identifiable information from various sources to create individual profiles or listings. These profiles are then sold to pretty much anyone who’s willing to pay for them, including advertisers, marketers, insurance companies, data mining corporations, government agencies, political consultants, and criminals.
Some data brokers do screen and monitor their clients. For example, they may request to meet or speak with clients or ask them to fill out a credentialing questionnaire. However, data brokers don’t usually review how their clients use their products after the transaction is completed.
According to the Federal Trade Commission, depending on the type of data they provide, data brokers typically fall within one of three categories:
- People search sites
- Data brokers that provide marketing products
- Data brokers that offer risk mitigation.products
People search sites are perhaps the most worrying. While some people use them to find lost friends, others use them for more nefarious purposes, like to help facilitate identity theft, cyberstalking, or doxxing.
As long as you know someone’s name (or other personal information, like a phone number or email address), you can quickly unearth more details about them using a people search site. Sometimes, you might be able to access that information for free. Other times, you may need to pay a small fee. Examples of people search sites include PeopleFinders, Intelius, and Spokeo.
Data brokers that sell marketing products develop detailed consumer profiles to help other companies sell to customers. Thanks to these data brokers, businesses can buy information about their customers’ interests to get a better idea of how to market to them.
Last but not least, data brokers that provide risk mitigation products help verify identities and detect fraud. For example, a lender might use this type of data broker to ensure that a person looking to open an account is indeed who they say they are.
Even tech giants like Facebook and Google use data brokers (or at least, were their customers in the past).
How Do Data Brokers Get Data?
Data brokers use both public records and private sources to gather data about individuals. Public records include census records, property records, DMVs, marriage certificate records, and bankruptcy records, to name a few examples. On the other hand, private sources generally include things like social media and other self-reported information, like blogs.
Often, data brokers acquire personal data by buying:
- Your web browsing activities from other businesses.
- Purchase histories (including the type, date, and cost of purchase as well as payment type) from retailers and catalog companies.
- Information about your subscriptions from magazine publishers.
- Car sales and warranty information from automobile dealers.
Most of these sources provide only one or two data elements. But by piecing them all together and guessing the rest, data brokers can build a pretty comprehensive picture of who you are. For example, based on what you buy or search for online, data brokers can pretty accurately guess whether you have any health conditions. The majority of data brokers also obtain information from one another.
What Do Data Brokers Know About You?
Data brokers know a lot about you, including your name, address, phone number, age, gender, ethnicity, religion, sexual orientation, education level, occupation, and political affiliations. They may also know your medical history, interests, dating preferences, credit-driven data, and significant life events such as marriage, births, divorce, and deaths.
Interestingly, many data brokers also put people into specific categories. For example, if you have a dog, you might be placed within the “Dog Owner” category. Conversely, if you’re a single man over the age of 66 with a low educational level, you may be classed as “Rural Everlasting.”
Some categories (think “Cholesterol Focus” and “Expectant Parent”) are incredibly sensitive. For example, if you’re placed within the “Biker Enthusiast” segment, an insurance company may decide that you routinely take part in dangerous behavior and up your insurance premium.
Here’s the thing, though: some of the information that data brokers have on you might be erroneous. In 2011, a man named Thomas Robins took the people search site Spokeo to court because the data they had on him was incorrect. Spokeo claimed that Robins was in his 50s, married with children, and working in a professional or technical field. As a result, Robins, who was out of employment at the time, might have missed job opportunities. Robins said that Spokeo should have double-checked that the information about him was correct before selling it to third parties.
In another example, a man known as Jesse T. had his mugshot posted on mugshots.com, a site that publicizes arrest information, even though he was never charged with a crime. Unsurprisingly, he found it incredibly difficult to find a job.
Are Data Brokers Legal?
Most people have no idea that data brokers are selling their personal information. However, that doesn’t make data brokerage illegal. Because the information data brokers trade-in is publicly available, they’re not technically breaking the law. That being said, some states have passed legislation that restricts data brokers.
Both California and Vermont now regulate data brokers and require that they register with the state.
Vermont’s data broker privacy law (enacted in 2018, the first such law in the country) stipulates that data brokers must maintain minimum data security standards and be more transparent about the type of data they collect. It also prohibits anyone from buying brokered personal data through fraudulent means or with the goal of fraud, harassment, stalking, or discrimination.
Similarly, the California Consumer Privacy Act sets down that consumers have the right to know what information is being collected about them and whom it’s being sold to. Under this law, individuals also have the right to opt-out or have their data deleted. Importantly, the law also prohibits selling data about users under 16 years old.
There’s no federal law protecting consumers’ right to control how information about them is being bought and sold. However, federal regulations protect certain sensitive data, like your conversations with your doctor and your medical records.
How Can You Remove Your Data From Data Brokers?
Some (but not all) data brokers and people search sites allow people to opt-out of their databases. To do so, you might have to fill out a lengthy online form, make a phone call, send an email, send information by mail, or submit your request several times.
However, not all sites give users an option to opt-out. Some data brokers allow you to control your information, but not delete it. And those that do let you opt-out don’t always honor your request. Some also ask you to submit personally identifiable information, which naturally deters many individuals from requesting an opt-out. That’s particularly true if the service seems sketchy — you don’t want to give them any more information about you than they already have.
In most cases, you can’t just opt-out of a data broker site once. Because most data collection processes are automated, your profile will reappear as soon as the data broker receives information from another source. As such, if you want to stay off data broker sites, you have to repeat the opt-out process every few months.
Ready to get back your privacy online? We have a thorough guide on how to opt-out of every major data broker out there.
An Easier Way
Or, you can let us do all the hard work. DeleteMe is a subscription-based service that scours the web on your behalf. Our privacy experts will delete your personal information from 40+ data brokers, and people search sites. Moreover, they’ll recheck these sites every few months, to ensure that your profile hasn’t reappeared. Here’s how our service works.