What is a data broker

Data brokers aren’t something made up by stuff like Person of Interest or Mass Effect – they really exist. And while their real work is a lot less glamorous than fiction depicts, they are gunning for you – and making mad dough from it. Here’s a whole article to explain it in a slightly less flippant way. 

What is a data broker?

A data broker is an organization that collects and sells data. The most pertinent point for us is that they gather data about people (you) and sell it to marketers (evil) so that they could push their products better. 

It wouldn’t be economical for marketers to have their own departments that collect data for their uses. Making population research tailored to the exact needs of an ad campaign or such would also consume a lot of time. Meanwhile, the data broker already has all the data, they just need to sort it in the way the customer wants. 

Thus, the data broker industry is what allows marketers to create laser-focused campaigns. For example, you’re selling cigarettes (a sort of non-electronic vape) and want to attract non-smokers. If your campaign is in Europe, you’re ideally looking for people between 18-30 with interest in partying, social clubs, and drinking. At the same time, you’re excluding people who have shown interest in exercising, healthy lifestyle, yoga, and meditation. 

Those ads will then be used to advertise things via Google, Facebook, email, text messages, influencer videos, Instagram (stories and feed), and even in real life. 

How does a data broker operate?

How does a data broker operate?

As we mentioned before, data broker companies operate by gathering data and then selling it to interested parties

Data brokers collect information in several ways: 

Scraping public records: the state collects a lot of data about each and every one of us, and some of it is public. So data brokers go around collecting census data, court records, and so on.

Scraping social media: a person generates about 1.7MB of data about them everyday. A lot of it is on social media, open for public consumption because we all need likes and shares. So the brokers take that data from Twitter, Instagram, Facebook, and other platforms. 

Buying it from other sources: in the US, your ISP may sell their consumer data. Your credit card provider may do so as well. And if you have retailer loyalty cards, well, that’s just a dataset waiting to be sold. And that’s before you get into sources like free to play apps and such! 

It is then up to the customer to ask for whichever way they want to filter data. For physical ads, a vape company may ask which areas of London have the most smokers. For, say, Instagram ads, pottery companies would probably be interested in what other hobbies folks already into pottery have. So if they detect a huge correlation between pottery and free Android game players, they may order more ads to show pottery to free gamers.

What kind of data does a data broker gather?

Data brokerage industry collects all sorts of data points (industry term for a single fact, like gender or age) about you, with Acxiom boasting that it offers over 10,000 attributes to sort your rubes potential buyers by

The information data brokers collect usually includes (but is not limited to):

Place of residence
Email address
Phone number
Browsing history
Purchase data
Family status
Pet ownership

That’s a far cry from the 10,000 we mentioned before, but we think that some strange company knowing 15 intimate things about you is already scary enough.

But it can get creepier. Brokers may be selling data based on your geolocation. And they can be very insensitive about sensitive data – back in 2013, one company got into trouble for selling lists centered around sexual assault victims, alcoholics, and AIDS/HIV patients

How much does a data broker make?

The data broker we just mentioned was asking $79 per 1000 users. Today, depending on the industry, your email address alone might be worth from $84 (for retailers) to $251 (travel companies).

Back in 2013, the industry was already at $150 billion. It had grown to $235 billion by 2019, with projections suggesting $345 billion by 2026

North America is currently the leading market, both because of heavily developed analytic methods (read: the desperate need to narrow down the most lucrative demographic to show ads to) and due to adoption of Internet of Things – after all, Google Assistant is listening. However, Asia Pacific is catching up real fast. 

Now, the phrasing of the question “how much does a data broker make” suggests that people consider brokers to be individuals – they really aren’t. Sure, there may exist individual mom-and-pop data brokers, but the real players are huge corporations like Acxiom (with their own creepy dystopian video about 2.5 billion addressable consumers), Nielsen (of Nielsen ratings fame), and Experian (over $5 billion in revenue in 2020). There’s enough of a market in this that around 4,000 brokers exist in the world. 

What kind of data brokers exist? 

There’s no scientific system for sorting them, but some types of data brokers may cater to smaller audiences than others.

Marketing and advertising: like the above-mentioned Acxiom, these sell your data to companies who want to accurately target (assuming their assumptions about the customer are correct) their advertising campaigns. 

Credit check: Experian, TransUnion, and Equifax are the big three agencies that make their money on reporting on your credit score, which is apparently useful for lending. Huh, and I thought that 2008 taught us that they’ll lend to anyone!

Insurance and fraud detection: we mentioned how data brokers scrape open records, which includes stuff like court records. Well, those same records are very useful for financial institutions who want to know the odds of you trying to trick them. Similarly, insurance agencies have to somehow get data on your car accident history before they give you a quote for insurance. 

Medical data brokers: these are of great importance both for various health insurance industries and marketers both. The former can see how risky you are to take on, the latter can determine how likely you are to buy their latest miracle cure.

People search sites: these are the ones you’re actually likely to use as a person. They collect information on people from open sources, and then sell it to you. Will you use it to avoid catfishing or for stalking? Congratulations, that’s the core question of all data collection and privacy efforts. 

Is data brokering illegal?

Data brokering is still legal just about everywhere. Laws may exist to regulate how they gather data, what kind of data they can collect, and what can be done with it, but this isn’t stopping them. You did see the market projections, right?

Luckily for us, there are certain laws that deal with data brokers. For example, Article 15 of the European General Data Protection Regulation (GDPR) states that a person has the right to know what information the data brokers have collected on them. There are others like it,  with California Consumer Privacy Act (CCPA) being one example. 

On the more abstract side, stuff like the Fair Credit Reporting Act (passed in the US in the 1970s) may regulate specific sectors of the industry. The FCRA specifically is supposed to make Experian et al provide accurate data on your credit score. 

What can you do against data brokers?

Various laws governing private data make it possible to contact data brokers and ask them to delete your data. However, that isn’t easy in practice. 

Our research on data brokers has shown that the process isn’t straightforward or easy – or that the companies are in any hurry to delete your data. We crunched some numbers and they show that manually going through the data brokers and asking them to delete your stuff would take at least 66 years. Not very practical, isn’t it? 

Here’s what you can do to fight them:

  1. Divulge less information online.
  2. Pressure local politicians to actually do something about it.
  3. Employ a service like Incogni to handle the data deletion for you. 

Data brokers are whack 

Unless aliens unleash a nanobot plague specifically targeting data broker employees, data brokers are here to stay. The best way to stay ahead of them is to stay informed – both about what they do and what rights you have in regards to their activities. 

However, data brokers operate legally; hackers aren’t bound by those same legal fetters. They obtain and sell your sensitive information that was stolen from breached websites and services. To keep ahead of those, use a service like Surfshark Alert, which will monitor known breach data collections for your data. 

Forewarned is forearmed

Get Surfshark Alert


Can I sue a company for selling my data?

It depends on the country law under which the company operates, but when it comes to data brokers, the most likely answer is “no.”

Is Amazon a data broker?

No, it’s not, but it’s a big enough company with fingers in so many pies that even internal use of your data mimics selling it to marketers.

Is Google/Facebook/Amazon selling my data?

These companies are not selling your data. However, considering that they can use it for internet marketing, they don’t even need to. An ad purchaser says who they want to target, and they do the rest internally. 

So you still get annoying ads (probably for stuff you already purchased), but your data hasn’t left the company’s bounds.

Is it legal to sell customer data?

The answer depends heavily on time and place, but yes, it is legal to sell certain customer data.