What is a Data Broker? Everything You Need to Know
By Tibor Moes / Updated: June 2023
What is a Data Broker?
Imagine living in a world where your personal information is constantly being collected, analyzed, and sold without your knowledge or consent. Sounds dystopian, right? Unfortunately, this is the reality of the digital age we live in, and data brokers play a significant role in this process. In this blog post, we will explore the ins and outs of data brokers and find out how they affect our lives.
Summary
-
Data brokers are companies who gather data from various sources, such as social media sites, government records, retailers, or credit card companies.
-
They combine this data into profiles which they sell to other companies, who can use it for marketing, risk management, and decision-making.
-
Common data points collected are demographics, interests, financial status, and health records.
Don’t become a victim of cybercrime. Protect your devices with the best antivirus software and your privacy with the best VPN service.
Defining Data Brokers
Data brokers are companies or individuals who gather information from various public sources online, such as social media sites and government records. Their primary goal is to build databases of people and use this information for tailored advertising and marketing. In other words, data brokers collect, process, and sell personal information to companies for targeted ads and marketing purposes.
The data broker industry is a legitimate business that deals with personal data for different reasons. It is essential to understand that data brokers operate mostly behind the scenes, and many people are unaware of their existence or the extent of data collection. Data broker companies, also known as data suppliers, gather a vast amount of personal information and process it to create comprehensive profiles of individuals.
Data brokers sell these profiles to various industries such as advertising companies, real estate companies, and even government agencies for marketing purposes, risk mitigation, and decision-making. The data broker industry is constantly evolving, and with the rise of social media, web tracking, and data breaches, the amount of information collected and processed has grown exponentially.
Data Collection Methods
Data brokers gather data from a variety of sources. These include both online and offline sources. They search the web for publicly available information, such as public records, social media profiles, and online databases. Additionally, data brokers employ techniques like surveying and web tracking to gather consumer data.
Apart from public sources, data brokers also obtain information from third-party companies that have already gathered the data. For example, credit card companies and retailers may sell customer purchase histories to data brokers, providing valuable insights into consumer behavior and preferences.
It is essential to understand that the data collected by data brokers is not limited to basic demographic information. They gather details like a professional’s age, income, purchasing behaviors, and web browsing habits. This comprehensive collection of data allows data brokers to create detailed profiles of individuals, which are then sold to various industries for targeted advertising and decision-making.
Types of Data Collected
Data brokers gather a variety of personal details from both online and offline sources, such as demographics, interests, financial status, and health records. These details help data brokers create consumer profiles that are highly valuable to various businesses and industries.
For instance, data brokers may collect information about a person’s interests, hobbies, religion, and even their smoking habits. This information can be used to create tailored advertisements and offers that are more likely to resonate with the target audience. In some cases, data brokers can have up to 1,500 data points on an individual, providing a comprehensive picture of their life and preferences.
It is worth noting that not all information collected by data brokers is considered personal data. Some data brokers classify derived, inferred, and predicted data as non-personal data, which may be subject to different regulations and ethical considerations.
Data Broker Categories
Data brokers serve a variety of purposes. There are four main types of marketing/advertising, fraud detection, risk mitigation, and people search sites. Each type serves a specific purpose and caters to different industries and clients.
Marketing/advertising data brokers provide companies with personal information to help them tailor their marketing strategies. These data brokers collect and process data points such as demographics, interests, and purchase history, which are then used by businesses to create targeted advertisements and offers.
Fraud detection data brokers supply personal information to financial institutions to monitor account activity and identify potential fraudulent transactions. By providing this information, data brokers assist banks and other financial institutions in protecting their customers from identity theft and other forms of financial fraud.
Risk mitigation data brokers collect and analyze data related to an individual’s financial history and online purchase habits. This information is used by banks, loan firms, and insurance companies to assess the risk associated with potential customers and fine-tune their offers accordingly.
Lastly, people search data brokers to compile databases about individuals that can be accessed through their websites. These brokers provide background checks and personal information for various purposes, such as screening potential tenants, employees, or romantic partners.
The Use of Collected Data
Data brokers utilize machine learning and artificial intelligence to spot patterns and break down information into audience segments, which are then sold to AdTech companies and other organizations. Targeted advertising is a common practice in which data brokers use the collected information to create highly specific advertisements tailored to an individual’s interests and preferences.
These audience segments are created based on shared characteristics, such as age, income, location, and interests, and are sold to various industries, including marketing, finance, and real estate. This allows businesses to make informed decisions and better target their products and services to potential customers.
However, there are ethical concerns surrounding the use of collected data and the creation of specific audience segments. For example, the creation of categories like “HIV sufferers” could be seen as intrusive and raise questions about data privacy.
Despite these concerns, the value of data brokerage in terms of targeted advertising, risk assessment, and decision-making cannot be understated.
Legal Aspects of Data Brokerage
Data brokers that collect publicly available data are generally considered to be operating legally. However, the legal landscape surrounding data brokers is complex and constantly evolving, with no clear federal law in the United States governing the industry. Some states have implemented comprehensive consumer data privacy laws, but many others lack strong regulation for data brokers.
In the European Union, data brokers are subject to the General Data Protection Regulation (GDPR), a data governance law designed to protect individuals’ personal data and privacy. GDPR specifies six legal grounds for processing data, including legitimate interest and clear, explicit, and straightforward consent. Data brokers must ensure they are following these regulations and other data protection laws, such as the California Consumer Privacy Act (CCPA) and the Brazilian General Data Protection Law (LGPD).
Data brokers must also implement security measures to protect the information they collect and prevent data breaches. They must ensure that the data they collect and process is done in an ethical and responsible manner, adhering to the evolving legal landscape surrounding data brokerage.
Data Breaches and Security Concerns
One of the primary concerns surrounding data brokers is the risk of data breaches and the potential misuse of sensitive information by third parties. A data breach involving a data broker could expose the personal information of millions of individuals, resulting in identity theft, financial fraud, and other negative consequences.
To mitigate these risks, data brokers must implement robust security measures and adhere to strict data protection regulations like GDPR and CCPA. By doing so, they can help ensure that the personal information they collect and process remains secure and private, minimizing the potential for data breaches and the misuse of sensitive data.
Protecting Your Personal Data
As individuals, it is essential to take steps to safeguard our personal data and limit our exposure to data brokers. One effective way to do this is to opt out of data collection at the source, such as through privacy settings on social media platforms or by unsubscribing to marketing emails.
In addition to opting out of data collection, individuals can also use privacy-focused services that limit the amount of data that data brokers can access. Companies like PrivacyDuck and DeleteMe specialize in helping individuals protect their personal data and maintain their privacy.
By taking these steps, individuals can regain control over their personal information and reduce the likelihood of their data being collected, processed, and sold by data brokers. It is crucial to be proactive about privacy in the digital age and make informed decisions about the services we use and the data we share.
The Future of Data Brokerage
The future of data brokerage is uncertain, with technological advancements, regulatory changes, and ethical considerations shaping the industry’s evolution. For instance, the use of artificial intelligence and machine learning to automate data collection and analysis, as well as blockchain technology for securing and maintaining data privacy, are expected to play a significant role in the future of data brokerage.
Regulations for data brokerage are becoming more stringent, especially when it comes to collecting and using personal data. Proposed bills and increased restrictions on data brokerage may emerge as the industry remains largely unregulated. Data brokers need to adapt to these regulatory changes and ensure they are operating ethically and responsibly.
As the data brokerage industry continues to evolve, it is essential to strike a balance between protecting consumers’ privacy and preserving the business value of data brokerage. By doing so, we can ensure that data brokers continue to provide valuable services while respecting the rights and privacy of individuals.
Summary
In conclusion, data brokerage is an essential part of the digital age, with data brokers collecting, processing, and selling personal information for various purposes. While the industry offers valuable services to businesses and industries, there are also significant concerns surrounding privacy, security, and regulation. By understanding the role and function of data brokers, as well as the legal and ethical considerations, we can make more informed decisions about our personal data and privacy in the digital world.
How to stay safe online:
- Practice Strong Password Hygiene: Use a unique and complex password for each account. A password manager can help generate and store them. In addition, enable two-factor authentication (2FA) whenever available.
- Invest in Your Safety: Buying the best antivirus for Windows 11 is key for your online security. A high-quality antivirus like Norton, McAfee, or Bitdefender will safeguard your PC from various online threats, including malware, ransomware, and spyware.
- Be Wary of Phishing Attempts: Be cautious when receiving suspicious communications that ask for personal information. Legitimate businesses will never ask for sensitive details via email or text. Before clicking on any links, ensure the sender's authenticity.
- Stay Informed. We cover a wide range of cybersecurity topics on our blog. And there are several credible sources offering threat reports and recommendations, such as NIST, CISA, FBI, ENISA, Symantec, Verizon, Cisco, Crowdstrike, and many more.
Happy surfing!
Frequently Asked Questions
Below are the most frequently asked questions.
What do data brokers do?
Data brokers collect information from various sources and use it to create personalized profiles for different users. They then share this data with other companies so they can use it for marketing, risk assessment, and other purposes. Data brokers are a key part of the online economy, providing important services that help people make decisions and businesses target their advertising.
Are data brokers legal?
Overall, data brokers are generally legal in the United States, but depending on the jurisdiction, there may be restrictions on how the collected data can be used.
It is important to research local laws and regulations to make sure data brokering activities comply with the law.
How do data brokers make money?
Data brokers make money by collecting data from various sources, and then packaging and selling this data to companies who need it. This data is compiled into helpful groups based on factors such as age, income, job title, and more. This helps target marketing messages to these audiences.
In turn, companies make money off of this data when they use it for their marketing purposes.

Author: Tibor Moes
Founder & Chief Editor at SoftwareLab
Tibor has tested 28 antivirus programs and 25 VPN services, and holds a Cybersecurity Graduate Certificate from Stanford University.
He uses Norton to protect his devices, NordVPN for his privacy, and Proton for his passwords and email.