Skip to Main Content
Home
Blog
How data brokers collect, sell, and use your personal data

How data brokers collect, sell, and use your personal data

Published: November 18, 2025 by Nicola Massier-Dhillon

17 hours ago

Ever had an eerie feeling that the internet knows a little too much about you? One minute you’re browsing for beach holidays; the next, every ad screams about flip-flops, flights, and hotels in sunny Spain. Welcome to the murky world of data broking. Here, shadowy figures gather your information to piece together—and ultimately sell—a detailed profile of you, usually without your consent. Who are they, what do they do, and (most importantly) is it legal? If you’re concerned about your online security and privacy, consider Avira Free Security to help boost your defences against online threats, trackers, and weak passwords.

Download Avira Free Antivirus
Download Avira Free Antivirus
Install free Avira Mobile Security
Install free Avira Antivirus Security

 

What are data brokers?

Gold is so last century. Today, a powerful but secretive information economy is driven by details about you, such as your online shopping habits, interests, and even personal finances. If you ever feel unimportant, the online reality is that you’re someone else’s big business, and every click matters to them: Meet the data brokers. These companies gather, analyse, and sell consumer information, including yours. They collect this data online from various sources to compile detailed customer profiles and then sell this information to businesses, advertisers, and (sometimes) even governments. It’s helpful to think of them as the middlemen of the information economy, quietly amassing details about you and everyone else online. So, the next time you wonder why an insurance company seems to know so much about you before you’ve even filled out a form—they probably already have your data from a broker.

Unlike hackers or cybercriminals, data brokers are meant to operate within the confines of the law (but more on this later)—although their practices can sometimes feel a little unsettling. The data brokerage industry has also been criticised for not being transparent enough: It’s tricky to understand what they’re harvesting, where, and why because brokers don’t have a direct relationship with the people whose data they’re analysing, sharing, and profiting from. And when we said data was big business, we meant it: The global data broker market is expected to grow at a CAGR (compound annual growth rate) of 7.29%, reaching a market size of US$616.541 billion in 2030! That’s up from US$433.936 billion in 2025. But who precisely has your data? If you’re curious to put names to these invisible faces, the 12 top data broker companies include Acxiom, Experian, Epsilon, and Equifax.

What types of information do data brokers collect?

Are they really interested in your online searches for ballet-dancing cats? Individually, information might seem harmless or pointless. But when it’s stitched together, an incredibly detailed online portrait of you emerges. Some of the most commonly collected data types include:

  • Personal details: Who are you? This includes your name, date of birth, gender, marital status, family status (do you have children?), education level, occupation, address, phone number, and email addresses.
  • Online activity: What do you do online? What are your hobbies and interests? Brokers collect the websites you visit (including where and how long you hover and click), your search history, and social media interactions.
  • Purchasing behaviour: What do you like and buy? What can you afford? You share your shopping habits, transaction history, and spending patterns.
  • Financial details: What are you worth, and how do you behave with money? They often know your credit scores, loan history, and estimated income.
  • Health-related data: How healthy are you? Brokers might access fitness tracker information and medication purchases and know of self-reported or researched conditions.
  • Location data: Where are you? You give away this information via GPS tracking from mobile apps, your check-ins, and travel habits. Also, your IP address, billing address, and other personal details you provide online will help data brokers pinpoint your general or even exact geographic location.

Have you ever ranted about a presidential candidate, for example? Data brokers can gain insight into other details, like your political views. Some of the data they gather can be intrusive and might even result in discrimination—like your HIV status, sexual orientation, or whether you have a criminal record.

Information brokers aggregate everything they collect to build user segments, like “new parent”, “health-conscious consumer”, “recent homebuyer”, and so on. They then sell these profiles to other companies so that these, in turn, can market and sell more effectively to you. It’s a wheel, and your data keeps it turning.

The system isn’t perfect, and data brokers sometimes get it wrong despite collecting vast volumes of information. You could muddle their profiles if you buy baby clothes for a friend or research hip replacements for an elderly relative, for example. Before you know it, you’ll be looking at ads for baby foods or stair lifts.

Why do data brokers collect data?

The short answer? Money. Whoever you are, you’re also a potential customer. Your data doesn’t just float aimlessly in cyberspace—it’s a commercially valuable commodity because businesses can use it for:

  • Targeted advertising: Companies love knowing what you like so they can sell you more of it. There’s no point in wasting an ad pushing Lycra gym wear on someone who spends most of their disposable income on online games and crisps.
  • Marketing insight: Brands are eager to understand consumer behaviour when creating strategies and campaigns.
  • Risk assessment: Banks, insurance firms, and lenders must assess creditworthiness and how likely you are to default on a loan. Data brokerage can also help organisations crack down on fraud. For example, they can check that someone’s information on a loan application is accurate.
  • Background checks: Employers, landlords, and even dating apps may tap into data broker services to help understand who they’re dealing with. The information on people search sites like PeekYou and PeopleSmart is also powered by data brokers. Here, you can find someone’s address, phone number and other details (usually for a fee). Sadly, this information can be misused for identity theft, social engineering attacks, and doxxing.
  • Health insurance: Information relating to your health and lifestyle (including medication you buy, whether you drink and/or smoke, the symptoms you search for online, and even what your daily step count or sleeping habits are) could be used by health insurance companies to work out what rates they should charge you for cover.
  • Government and law enforcement: Authorities sometimes purchase data for investigations and intelligence gathering. Some people are concerned about the privacy implications of this and that data gathered by law enforcement may have disproportionately negative impacts on communities of colour and immigrant communities. To learn more, see this Center for Democracy and Technology (CDT) report: Legal Loopholes and Data for Dollars.

How do data brokers obtain data?

You now know what they gather and why, but how do they do it? It’s usually easy because they have a “man” on the inside: You. Most of us hand over our data (often without realising it). Plus, whether you like it or not, there are also public records of you that are often readily available. Government databases provide details like property ownership, business filings, and court records. They also contain birth certificates, marriage licenses, divorce records, voter registration information, and other things you’d rather forget, like bankruptcy records.

How many times have you commented on, liked or shared something on social media today? It’s all scooped up, along with your profile details. Your entire web history is a data treasure trove. Whenever you use a search engine, visit a web page, use an app, or fill out an online quiz, you leave an electronic trail for data brokers to follow. Web tracking is relentless. Browser fingerprinting, for example, allows data brokers to create a unique identifier for any user based on their device and browser settings. They can then track that user’s online activity across different websites. Data brokers also use web scraping (a tiny scrap of software or script) to extract data from a website.

And who doesn’t love the ease of online shopping? Your purchases are big business way beyond the company you actually bought from. Did you go in-store and use your loyalty card? How much did you spend, and did you pay by cash, card, or coupon? Even your grocery shopping habits will help top up their data pools (Is your private health insurance provider watching? Hopefully, lots of fresh fruit made it onto your receipt).

How many apps do you use? That fitness tracker or weather app might send more than just your step count or local forecast—a handy reminder never to click “Accept” without reading the terms. Many companies sell this data to brokers as part of their business model to help pay for the “free” services they provide you with.

Is data brokerage legal?

Here’s where it gets a little murky. Yes, data brokers should operate within legal boundaries, but the laws are not always clear-cut and data-gathering practices can raise ethical concerns. Consent is often buried in tombs of fine print where it’s difficult to find or understand. Many people don’t realise how much of their information is out there, or how difficult it is to remove.

Regulations vary depending on where you are. In the UK and EU, the General Data Protection Regulation (GDPR) gives consumers some control over their data, as it requires companies to be transparent about how data is collected and used. The European Council of the European Union prides itself on the GDPR being the “strongest privacy and security law in the world”. GDPR also gives consumers the right to ask organisations to delete data stored about them.

Data privacy laws in the US tend to be more relaxed and fragmented. There’s no federal regulation governing data brokers, and only some states, like California, have introduced stricter laws. Other countries have a patchwork of regulations, with some enforcing strong consumer protections and others offering little oversight.

Can you opt out of data collection by data brokers?

It won’t be easy to disappear from their data books entirely. You can opt out of data collection by contacting individual data broking sites and requesting that they remove your details. You’ll need time and patience. If you want to try it, Privacy Rights Clearinghouse offers an extensive data broker list, including links to the privacy policies and how to opt out for each broker. A company called BrandYourself scans for your data in the databases of major brokers and compiles a report on where your data has been found. This is a helpful starting point if you’re looking for which data brokers to contact. You can also pay private companies for automated data removal services. See this overview of popular data removal services in 2025.

If you’re concerned that a company’s collection of your personal data is breaching your rights, you can file a complaint with your relevant government agency. In the US, contact the Federal Trade Commission’s support for fraud, scams, and bad business practices. In the UK, inform the Information Commissioner’s Office.

It’s easier to help safeguard your data and privacy by staying off data broker lists in the first place or, at the very least, minimising what they collect! That’s why good online habits are essential.

The danger of data breaches

Data brokerage companies aren’t immune to data breaches, potentially putting your data at risk even if you’re careful about your personal online security. Take the recent Gravy Analytics data breach, for example. Russian hackers claim to have exfiltrated more than 10 terabytes of sensitive data from this prominent player in location-based data intelligence. Tinder, Spotify, Citymapper, Mumsnet and Sky News were among the companies named in a list of apps linked to the breach, exposing vulnerabilities within the company’s cybersecurity infrastructure.

It’s a scary reminder: Once your data is in someone else’s hands, who knows who else could have access to it?

How to help protect your data from data brokers (and stay safer online)

While you may feel like an ear of corn in the face of a combined harvester, there’s good news: You do have some powers to limit the amount of personal information data brokers or (worse!) cybercriminals might access. It’s all about being mindful of what you do online and deploying reliable technology that can help shield your privacy. Start with our simple guide to anonymous browsing.

  • Avoid sharing personal information on social media. Keep your profile data to a minimum and adjust your privacy settings so your accounts are private. Always ask yourself what a third party could do with your information. Your mother’s maiden name is a popular security question, for example, so don’t mention it on Facebook. And avoid filling in online quizzes and competitions, as you’ll be handing over swathes of information on a plate.
  • Use a virtual private network (VPN).A VPN helps conceal your IP address and can encrypt your web traffic while you browse and buy online. Avira Phantom VPN is available alone or as part of Avira Free Security. Remember that it’s essential to use a VPN on public Wi-Fi.

Download Avira Free Antivirus
Download Avira Free Antivirus
Install free Avira Mobile Security
Install free Avira Antivirus Security

 

  • Watch where you click! Don’t click on random links in posts, ads, and emails, as you’ll never know where you’ll end up or what you’ll inadvertently install. It could be malware, keylogging software, or a potentially unwanted application (PUA). Cybercriminals are experts at phishing, whereby they craft legitimate-looking emails and websites that trick you into interacting with them.
  • Delete your cookies. These tiny files of numbers and letters are downloaded onto your computer whenever you visit a website and act as a unique ID for your computer. They also store information about what you do online so you can receive targeted advertising. Clearing cookies helps protect your online privacy and is especially important when using a public computer.
  • Only install reputable apps. Never download any app, no matter how tempting it might be to see yourself mime to your favourite song or what you could look like in 50 years… They might be entertaining, but many apps are designed to hoover up your information and even payment credentials.
  • Use a web browser built for greater privacy. Avira Secure Browser helps block dangerous websites and URLs while helping block ads, trackers, and browser fingerprinting.

Download free Avira Secure Browser
Download free Avira Secure Browser

 

  • For very serious privacy warriors: Use Tor browser to help hide you online.Otherwise known as the onion router due to its many layers of security, the Tor browser takes online privacy to a whole new level. It encrypts your traffic and routes it through a complex network of servers while deleting your browsing history and cookies. Beware that some network administrators block Tor, and your ISP might even report you due to its association with the dark web. It can also slow down your browsing.

Discover multilayered protection

Avira offers its own approach to a comprehensive security “onion”: Avira Free Security blends powerful antivirus, a password manager, a software updater, a VPN, and more for multilayered defences against online threats to your data and privacy. You can help protect all your devices with Free Security for Windows, the security solution for Mac, the security app for iOS devices, or the antivirus app for Android phones and tablets.

Download Avira Free Antivirus
Download Avira Free Antivirus
Install free Avira Mobile Security
Install free Avira Antivirus Security

Explore cybersecurity topics

This post is also available in: GermanFrenchItalian

Nicola Massier-Dhillon
Nicola Massier-Dhillon
Freelance Cybersecurity Writer
Nicola Massier-Dhillon is an experienced cybersecurity and technology writer. Nicola spent many years as a senior copywriter and creative lead in marketing agencies, crafting compelling content and campaigns for major tech brands like HP, Dell, and Microsoft. She originally hales from Namibia and is a passionate advocate for the conservation of wild habitats--also putting her words to work for charities, eco-tourism, and healthcare. Nicola spends her time looking after her (wild) twins, rescue cats, and a crested gecko called Giles.
Avira logo

Help stop online threats and cybercriminals with Avira Free Security (including a free VPN!)

Free download
Avira logo

Help stop online threats and cybercriminals with Avira Free Security for Mac(including a free VPN!)

Free download
Avira logo

Help keep your mobile devices safer from cybercrime & online threats: Avira Mobile Security for iOS.

Free install
Avira logo

Help keep your mobile devices safer from cybercrime & online threats: Avira Antivirus Security for Android

Free install