A data broker is an individual or company that specializes in collecting personal data (such as income, ethnicity, political beliefs, or geolocation data) or data about people, mostly from public records but sometimes sourced privately, and selling or licensing such information to third parties for a variety of uses.
Sources, usually Internet-based since the 1990s, may include census and electoral roll records, social networking sites, court reports and purchase histories. The information from data brokers may be used in background checks used by employers and housing.
There are varying regulations around the world limiting the collection of information on individuals; privacy laws vary. In the United States there is no federal regulation protection for the consumer from data brokers, although some states have begun enacting laws individually. In the European Union, GDPR serves to regulate data brokers’ operations. Some data brokers report to have large numbers of population data or “data attributes.” Acxiom purports to have data from 2.5 billion different people.
Credit scores were first used in the 1950s, and information brokering emerged as a career for individuals during that decade. However the business of information brokering did not become widely known or specifically regulated until the 1990s. During the 1970s, information brokers often had a library science degree; however, towards the end of the 20th century, people with degrees in science, law, business, medicine, or other disciplines entered the profession, and the line between the terms information professional and information broker became more blurred.
Beginning in the late twentieth century, technological developments such as the development of the Internet, increasing computer processing power, and declining costs of data storage made it much easier for companies to collect, analyze, store and transfer large amounts of data about individuals. This gave rise to the data broker industry. Information brokers have been defined by the FCC as “companies that collect information, including personal information about consumers, from a wide variety of sources for the purpose of reselling such information to their customers for various purposes, including verifying an individual’s identity, differentiating records, marketing products, and preventing financial fraud. Gartner defines an information broker as ‘a business that aggregates information from a variety of sources; processes it to enrich, cleanse or analyze it; and licenses it to other organizations.’ It states that data is ‘licensed for particular or limited uses’ rather than sold to a client.
Clients of information brokers come from a wide range of industries and professions. Non-profit organizations might benefit from information which helps them to apply for grant funding, and real estate agents often use IBs to undertake land title searches. Information brokers need to screen their clients carefully to avoid criminals obtaining data on individuals for nefarious purposes: U.S. broking companies Lexis-Nexis and ChoicePoint have both been duped by phoney clients, leading in one case to identity theft on a large scale.
Data may be harvested from various sources, including census, change of address, motor vehicle-related records, user-contributed material and social networking sites, media and court reports, voter registration lists, consumer purchase histories, most-wanted lists and terrorist watch lists, bank card transaction records, health care authorities, and Web browsing histories. IBs may also purchase information from other companies (such as a credit card company). The information collected may include name, address, social security number, driver’s licence number and other such identifying information, as well as occupation, property ownership, income, etc. Advertising companies are most often only interested in profiles and categories rather than personal information about an individual.
Information from property records, tax filings, etc. may also be available via ‘people-search’ whitepage sites, either for a small fee or no cost. These websites can thereby have implications for stalking, harassment, and domestic violence.
The data are aggregated to create individual profiles, often made up of thousands of pieces of information, such as a person’s age, race, gender, height, weight, marital status, religious affiliation, political affiliation, occupation, household income, net worth, home ownership status, investment habits, product preferences and health-related interests. Brokers then sell the profiles to other organizations that use them mainly to target advertising and marketing towards specific groups, or to verify a person’s identity including for purposes of fraud detection, and to sell to individuals and organizations so they can research people for various reasons. Some datasets may also include geolocation data and is included in marketing resources from Acxiom. Experian and Oracle also advertise location-based marketing services.
Data brokers in the United States include Acxiom, Experian, Epsilon, CoreLogic, Datalogix, Intelius, PeekYou, Exactis, and Recorded Future.
The Department of Homeland Security has purchased cell phone location data and home utility data from data brokers to facilitate deportations. The FBI has purchased personal data from the company Venntel. Under both of these circumstances, a warrant is not required to acquire this data, due to the fact that it is ‘open source’ or ‘commercially obtained.’ Use of the data also has implications in background checks (used in rent/housing and job applications).
In 2017, Cambridge Analytica claimed that it has psychological profiles of 220 million United States citizens, based on 5,000 separate data sets, with another source reporting 230 million. A scandal emerged after it was found that after 270,000 Facebook users consented to sharing their data, data was scraped from about 50 million profiles on the social media platform. This was seen as breach of trust by Facebook.
Information privacy laws are not as strict in the United States as in the European Union, where data brokers work hard to get around the General Data Protection Regulation (GDPR) regulations, brought into operation in 2018. Under GDPR, data can only be collected for re-use on one of six legal bases. The rather vague term ‘legitimate interest’ is often abused or misinterpreted. Explicit consent from users is required for information storage. In addition, data processing related with political opinion and religious belief is prohibited unless the consent of data subject is granted.
In the U.S., individuals generally cannot find out what data a broker holds on them, how a broker got it, or how it is used. There is no federal law that permits or enables consumers to see, make corrections to, or opt out of data compiled by brokers.
Files on individuals are generally sold in lists; examples cited in testimony to the U.S. Congress include lists of rape survivors, seniors with dementia, financially vulnerable people, people with HIV, police officers (by home address), alcoholics, and people with erectile dysfunction.
The proposed U.S. Data Accountability and Trust Act (introduced in 2009) contained a number of requirements for auditing and verification of accuracy of data held by information brokers, and additional measures in the case of a security breach. The bill also gave identified individuals the means and opportunity to review and correct the data held that related to them. It passed through the United States House of Representatives in the 111th United States Congress, but failed to pass the United States Senate.
In October 2019, California Governor Gavin Newsom signed into action statute AB 1202. The bill ‘would require data brokers to register with, and provide certain information to, the Attorney General. The law was created to safeguard against the ‘cloak of invisibility’ (unregistered, unregulated, untracked information broker) that previous data brokers roamed in. It was also meant to regulate the purchasing of data in commercial third party buyers, and tracks the data brokers information trades.
In 2025, Zhou Shuai and Yin Kecheng, two China-based data brokers wanted by the FBI were accused by the United States Department of State of selling sensitive American data to China’s Ministry of Public Security (MPS).
The information produced by data brokers has been criticized for enabling discrimination in pricing, services and opportunities. For example, a 2014 White House report found that web searches that included black-seeming first names such as Jermaine were more likely to result in ads being displayed that include the word ‘arrest,’ compared with web searches including white-seeming first names such as Geoffrey.
The Daily Omnivore 
Leave a comment