PrivacyOn
SecurityMarch 29, 20267 min read

How Data Brokers Get Your Information

There are more than 4,000 data brokers operating in the United States, feeding a global industry worth over $400 billion. These companies have built detailed profiles on nearly every American adult — yet most people have no idea how that data was collected, who holds it, or what it's being used for. Understanding where data brokers get their information is the first step toward taking back control.

What Is a Data Broker?

A data broker is a company whose primary business is collecting personal information about individuals, packaging it, and selling it to advertisers, marketers, insurers, employers, landlords, law enforcement, and other data brokers. Unlike a bank or hospital that collects your data incidentally, data brokers exist solely to trade in personal information.

Their profiles can include your name, current and past addresses, phone numbers, email addresses, age, income estimate, net worth, education, employment history, political affiliation, consumer habits, health interests, relationship status, vehicle records, and much more. Here is how they build them.

1. Public Records

The single largest source of data broker information is government public records — documents that are legally accessible to anyone. Data brokers have automated systems that continuously harvest:

  • Voter registration files: Name, address, date of birth, and party affiliation are public in most states.
  • Property deeds and tax assessments: Who owns what, what they paid, and estimated property value.
  • Court records: Civil lawsuits, bankruptcies, judgments, liens, and in many jurisdictions, criminal records.
  • Marriage and divorce records: Names, dates, and often the names of children listed in custody filings.
  • Business filings: If you've ever registered an LLC or incorporated a business, your name and address are on public record.
  • Death records and probate filings: Used to update records and to identify heirs.

Because these records are public by law, there is no general right to demand their removal from a data broker's systems — though some states have created specific protections around sensitive record categories.

2. Social Media Scraping

Data brokers scrape public social media profiles at scale on platforms including Facebook, LinkedIn, Instagram, and X (formerly Twitter). Even accounts set to "private" leak metadata: username patterns, approximate location, follower connections, and timestamps that can be cross-referenced with other sources.

Information harvested from social media includes employer and job title, hometown and current city, relationship status, interests and hobbies, photos, check-ins, and the social graph of who you know.

3. Purchase History and Loyalty Programs

Every time you swipe a grocery store loyalty card or create an online retail account, your purchase data is being recorded and may be sold. Retailers routinely sell or license transaction data to data brokers. This includes:

  • Supermarket and pharmacy loyalty programs
  • Online purchases (items bought, prices paid, return behavior)
  • Warranty registrations — which ask for household demographics under the guise of protecting your purchase
  • Magazine and newsletter subscriptions
  • Catalog purchase histories

Your buying behavior is one of the most valuable data categories because it predicts future behavior with high accuracy. A broker that knows you buy prenatal vitamins can infer a pregnancy weeks before you might announce it.

4. Data Purchases Between Brokers

Data brokers don't just collect data — they buy and sell it to each other constantly, creating an interconnected web that is nearly impossible to fully unravel. A profile that originates at one broker is enriched by a second, sold to a third, and licensed to a fourth — all before it ever reaches an advertiser or employer.

The Data Broker Ecosystem

When you opt out of one data broker, your information often reappears weeks or months later because other brokers in the same network continue sharing it. This is why single opt-outs rarely produce lasting results — the data simply flows back in from different sources in the ecosystem.

This trading creates a situation where no single broker holds all of your data, and no single opt-out removes it. Comprehensive removal requires reaching every node in the network — which is exactly what a service like PrivacyOn is built to do.

5. Web Tracking and Cookies

Third-party cookies, tracking pixels, and browser fingerprinting tools are embedded on millions of websites. When you visit a page that contains a tracker from a data broker's partner network, that visit — including the page URL, the time, and your approximate location — is logged and attached to your profile.

Browser fingerprinting goes further, combining your browser version, screen resolution, installed fonts, and hardware characteristics into a near-unique identifier that follows you even when you clear cookies or use a VPN.

6. Mobile App Data

Smartphone apps are one of the most aggressive sources of personal data collection. Many free apps — games, weather apps, flashlights, coupon apps — generate revenue by selling the data they collect to brokers. This can include:

  • Precise GPS location history: Where you sleep, work, worship, seek medical care, and spend your time
  • Contact lists: Your social graph, including people who never consented to share their information
  • App usage patterns: Which apps you use, when you use them, and for how long
  • Device identifiers: Advertising IDs that link behavior across multiple apps and data sources

Warning: Location Data Is Especially Sensitive

Precise location history is among the most revealing data categories a broker can hold. It can expose your medical conditions (based on clinic visits), religious practice (place of worship), political activity (rally attendance), and relationship patterns. Several major data brokers have been reported selling location data traced to mobile advertising networks. Review app permissions regularly and revoke location access for any app that does not genuinely need it.

7. Surveys, Sweepstakes, and "Free" Offers

Online surveys, contest entry forms, and sweepstakes are structured data collection tools. The fine print on these forms typically grants the operator permission to share your information with "marketing partners" — which often means data brokers. The prize is usually real; the primary business model is selling your answers about income, health, household size, and consumer preferences.

The same applies to free product samples, rebate forms, and coupons that require registration. Each touchpoint adds another data point to a profile that may already contain hundreds of entries.

8. Credit and Financial Data

The major credit bureaus — Equifax, Experian, and TransUnion — are themselves among the largest data brokers in the world. While the most sensitive credit data is regulated under the Fair Credit Reporting Act (FCRA), significant financial information still flows to non-FCRA brokers, including estimated income ranges, debt load indicators, homeowner status, and financial product ownership signals derived from credit bureau data.

Banks, lenders, and financial service companies also sell or share anonymized (and sometimes not fully anonymized) transaction data with third parties.

Why It Is So Hard to Stop

The scale and redundancy of the data broker industry makes individual opt-outs extraordinarily difficult. Even when a consumer successfully removes their data from one broker, the information:

  1. Continues to exist at dozens of other brokers who received a copy
  2. Gets re-ingested from public records that are updated continuously
  3. Reappears when brokers refresh their databases from commercial partners
  4. Resurfaces when new public records are filed (moving, voting, buying a car)

Most data brokers make the opt-out process deliberately time-consuming — requiring ID verification, physical mail, or repeated confirmations. Doing this for even a fraction of the 4,000+ active brokers would take hundreds of hours of ongoing work.

What You Can Do About It

The most effective approach combines direct opt-outs with continuous monitoring, because data reappearance is not a one-time problem — it is an ongoing one. PrivacyOn submits removal requests to 100+ data broker and people-search sites on your behalf, then monitors those same sites so that when your information reappears — and it will — a new removal request goes out automatically.

In the meantime, reducing the flow of new data into broker networks helps slow reappearance:

  • Use a dedicated email address for loyalty programs and online shopping, separate from your personal account
  • Decline optional data sharing prompts in apps and at checkout
  • Review and tighten location permissions on your smartphone regularly
  • Be skeptical of sweepstakes and surveys that ask for household or income information
  • Use a browser extension that blocks third-party trackers

None of these steps eliminates the problem entirely — the data broker industry has too many inputs for any individual to plug every channel. But combining personal data hygiene with a service that handles removals at scale gives you meaningful, lasting protection over time.

PrivacyOn Team

Experts in online privacy and data protection since 2022.

Related Articles

Security

How to Set Up Two-Factor Authentication Everywhere

Security

What to Do If Your Identity Is Stolen

Security

What Information Do Data Brokers Have About You

Ready to Protect Your Privacy?

Let PrivacyOn automatically remove your personal information from data broker sites and keep it removed.