Understanding the long-term impacts of losing control of your personal data starts with understanding what data brokers actually are. In short, these are companies that collect, aggregate, analyze, and sell personal information about individuals, typically without any direct interaction with, or meaningful consent from, the people whose information is being sold.
An estimated 4,000 data brokers operate worldwide, with hundreds registered in the United States alone. The industry generated roughly $300 billion in global revenue in 2025, and it continues to grow at a rate of 7 to 10% per year. Yet most consumers have never heard of the companies profiting from their personal lives.
What Data Brokers Collect
The scope of data collected by brokers is staggering. A single profile can include:
- Full names, addresses, and phone numbers
- Email addresses and social media activity
- Purchase history and browsing behavior
- Financial data and income estimates
- Property ownership and public records
- Location data from apps and devices
- Health and lifestyle indicators
Some brokers specialize in marketing data, helping advertisers serve targeted ads. Others build detailed consumer profiles used in risk scoring, insurance pricing, employment screening, or even tenant background checks. There is often no way to know exactly where your data ends up once it enters this ecosystem.
How Your Data Gets Collected
Given the breadth of information available, the methods data brokers use to build these profiles involve a complicated web of tactics. Brightside AI, a Swiss cybersecurity company that helps organizations reduce their exposure to data broker networks, outlines several key channels through which personal data is harvested:
Public records. Property filings, voter registrations, court documents, motor vehicle records, and census data are all freely accessible and routinely scraped by broker operations.
Commercial transactions. Everyday retail purchases, subscriptions, loyalty programs, and warranty registrations feed a steady stream of consumer data into broker databases.
Online tracking. Cookies, tracking pixels, logged-on device IDs, and behavioral tracking software collect detailed records of your digital activity, often without your awareness.
Third-party partnerships. Brokers buy and sell datasets among one another and with app publishers, ad networks, and other companies, compounding the reach of any single data point.
What makes this machinery so effective is aggregation. Brokers routinely combine hundreds of thousands of individual data points to construct profiles that predict behavior, preferences, and even future purchasing decisions with remarkable accuracy.
The Identity Fraud Connection
While many brokers operate within the bounds of current law, the sheer volume of personal data circulating through these networks creates a massive attack surface for fraud. When broker databases are breached, or when data is sold without adequate vetting of the buyer, the consequences fall squarely on consumers.
The numbers paint a sobering picture. In March 2025, Javelin Strategy & Research published its 22nd annual identity fraud study and reported that consumers lost an estimated $27 billion to identity fraud in 2024, a 19% increase from the prior year. When scams involving social engineering are included, total losses reached $47 billion, affecting 40 million Americans.
Account takeover fraud, where criminals use stolen personal data to gain access to existing accounts, accounted for $15.6 billion of those losses, up from $12.7 billion in 2023. New-account fraud, in which stolen identities are used to open entirely new credit lines, reached $6.2 billion.
The connection to data brokers is direct: the more personal information that circulates through unregulated or poorly secured channels, the easier it becomes for bad actors to assemble the pieces needed to impersonate someone. Seven in ten fraud victims who lost money to a scam in 2024 were also tricked into handing over additional personally identifiable information, fueling a cycle that compounds future risk.
A Regulatory Landscape Still Taking Shape
Despite the scale of the problem, comprehensive federal regulation of data brokers in the United States remains elusive. In December 2024, the Consumer Financial Protection Bureau proposed a rule that would have classified certain data broker activities under the Fair Credit Reporting Act, imposing accuracy requirements and consumer access rights. By May 2025, the CFPB withdrew the proposal, citing the need for further consideration.
The FTC has been more active. In January 2025, the agency finalized an order banning data broker Mobilewalla from selling sensitive location data. And in February 2026, the FTC sent warning letters to 13 data brokers regarding their obligations under the Protecting Americans' Data from Foreign Adversaries Act, which restricts the sale of sensitive personal data to entities in countries like China, Russia, Iran, and North Korea. Violations can carry penalties of over $53,000 per incident.
State-level action has been more aggressive. California's DELETE Act now requires every registered data broker to honor automated consumer deletion requests through a centralized platform. Twenty states have comprehensive privacy laws in effect as of 2026, and data broker registries are active in California, Vermont, Oregon, and Texas, with more in development. Still, the resulting patchwork of regulations leaves significant gaps that brokers can navigate.
What You Can Do
The reality is that opting out of the data broker ecosystem entirely is difficult by design. Each broker maintains its own removal process, and data that is deleted often reappears within months as brokers refresh their databases from new sources.
There are, however, practical steps worth taking. Submitting opt-out requests to the largest brokers is a reasonable starting point. Using data removal services can automate some of this work. Minimizing your digital footprint by disabling unnecessary cookies, using unique email addresses for different services, and being selective about loyalty programs makes profiling harder at the source.
Most importantly, understanding that this industry exists and how it operates is itself a form of protection. The less invisible these companies remain, the more pressure builds from consumers, regulators, and lawmakers alike to bring meaningful accountability to an industry that has profited from obscurity for far too long.