The Data Broker Economy: How Companies You've Never Heard of Know More About You Than Your Friends Do

Someone You've Never Met Has a 3,000-Point Profile on You

Acxiom, a company headquartered in Conway, Arkansas, knows your name, every address you've lived at, your estimated household income, what kind of car you drive, your religious affiliation, your political leanings, and which of 70 "lifestyle segments" you belong to — categories like "Flourishing Families" or "Modest Metro Means." You have never done business with Acxiom. You've almost certainly never heard of them. They don't care. You are their product.

Welcome to the data broker economy: a $300 billion-per-year industry built almost entirely on information you never knowingly provided to anyone who sold it.

The Scale Is Difficult to Comprehend

There are thousands of data brokers operating in the United States. The well-known names — Acxiom, LexisNexis, Experian (not just credit reports; they sell behavioral and demographic data too), Oracle Data Cloud, Equifax's data services division — are the tip of the iceberg. Below them sit hundreds of smaller aggregators, people-search sites, audience analytics firms, and data resellers. The industry doesn't require a license to operate. There's no federal registration. In most states, there's no registration requirement at all.

Their product is you — or more precisely, a statistical representation of you assembled from sources you'd struggle to enumerate.

What They Actually Know

The profile a major data broker holds on a typical American adult is not abstract. It likely includes:

• Full name, current and historical addresses, phone numbers, and email addresses
• Estimated income, net worth, and spending capacity
• Purchasing history from retailer loyalty programs and credit card transaction data
• Political party registration and voting frequency (from public records)
• Religious affiliation (inferred from donations, neighborhood demographics, purchasing patterns)
• Health conditions (inferred — not from medical records, but from purchases of specific OTC medications, mobility aids, dietary supplements, and disease-related charity donations)
• Relationship status, household composition, and the ages of children in the home
• Vehicle ownership, make, model, and year
• Location history derived from smartphone apps
• Social media activity and inferred personality traits

Acxiom's PersonicX system classifies Americans into 70 lifestyle clusters. Oracle Data Cloud's segments run into the thousands. These aren't just marketing curiosities — they are sold as inputs for decisions that affect your life.

How They Collect It: The Data Supply Chain

No single source builds a complete profile. Data brokers assemble theirs from dozens of pipelines running simultaneously:

• Public records: Property ownership, voter registration, court records (including civil suits, divorces, and bankruptcies), and motor vehicle records are public in most US states. Brokers vacuum them up continuously.
• Retailer and loyalty program data: When you use a grocery store loyalty card or a retail app, your purchase history is frequently sold or licensed to data brokers. The discount is real. The cost is also real.
• Mobile location data: Hundreds of apps — weather apps, games, coupon apps — include third-party SDKs that transmit location data to brokers. A 2021 investigation by The Markup found location data being sold that could track individuals to specific hospital entrances, places of worship, and domestic violence shelters.
• Data shared between brokers: Brokers buy from other brokers. The same information circulates and recirculates, each transaction slightly enriching the profile.
• Credit header data: Financial institutions share name, address, and employment data (not the credit score itself, but the header information) under specific legal provisions.

Shadow Profiles: You Don't Have to Participate

One of the most unsettling aspects of the data broker ecosystem is that opting out of digital life provides almost no protection. If you've never had a Facebook account, Facebook almost certainly has a shadow profile on you anyway — built from email contact lists uploaded by your friends, browsing data collected through the Facebook pixel embedded on millions of websites, and data purchased from brokers.

This is not hypothetical. In 2018, when Congress asked Mark Zuckerberg about shadow profiles, he confirmed the practice. The data broker industry operates on the same principle at industrial scale: you don't have to interact with a broker for them to have a file on you. Your friends, your purchases, your neighbors, and your public records do it for you.

What the Data Gets Used For

Targeted advertising is the visible surface. The uses underneath are less discussed but often more consequential:

• Tenant screening: Landlords use data broker reports that may include eviction records, criminal history, and behavioral scores — data that can be inaccurate and is difficult to dispute.
• Employment background checks: A significant industry operates in this space, and errors in underlying broker data propagate into hiring decisions.
• Insurance pricing: Insurers in some states use data broker-derived "credit-based insurance scores" that correlate with race and income, effectively charging lower-income customers more.
• Loan underwriting: Alternative credit scoring models draw on behavioral data from brokers to make lending decisions on people with thin credit files.
• Political micro-targeting: Both major US political parties purchase data broker files extensively. The 2016 and 2020 election cycles involved micro-targeting at a scale that would not be possible without the broker industry's infrastructure.
• Debt collection and fraud: Skip-tracing — finding people who have moved — is a primary use of people-search data.

The Real Harms

The harms from data broker activity are not theoretical. People-search sites — a consumer-facing subset of the broker industry — have been directly linked to stalking and domestic violence cases, providing abusers with current addresses in seconds. A 2023 report by the National Domestic Violence Hotline found that data broker sites were a primary tool used by abusers to locate victims who had fled.

Insurance and lending discrimination based on inferred demographics is a documented pattern. A 2020 ProPublica investigation found that price optimization algorithms — fed by data broker inputs — charged higher premiums in predominantly Black neighborhoods even when risk profiles were identical.

Data breaches at brokers are also a distinct risk category. The 2017 Equifax breach, which exposed 147 million people's financial data, and the 2023 breach at background-check firm National Public Data, which exposed Social Security numbers for an estimated 2.9 billion records, illustrate what happens when the aggregated files brokers hold are compromised.

The Legal Landscape: Rights That Exist and Rights That Don't

If you're in the European Union, the GDPR gives you meaningful rights: the right to access what data a broker holds on you, the right to correct it, and the right to request deletion. These rights have real teeth — fines for violations run into the hundreds of millions of euros.

In California, the CCPA and its 2020 expansion CPRA give residents the right to know what data has been collected, the right to opt out of its sale, and the right to deletion. California also runs a Data Broker Registry — companies must register and provide opt-out mechanisms. Vermont and Texas have similar registries.

Everywhere else in the United States: you largely have nothing. There is no federal privacy law with a private right of action. The FTC can pursue deceptive practices, but the core business model of buying and selling personal data is legal. Most states have no data broker regulation at all.

What You Can Actually Do

The honest answer is: not as much as you should have to. But some actions have meaningful impact:

• Remove yourself from people-search sites first. Sites like Spokeo, BeenVerified, Whitepages, and Intelius are the highest-risk for physical safety. Submitting opt-out requests to these specifically has the most immediate protective value.
• Use a data removal service. Services like DeleteMe, Kanary, and Privacy Bee submit opt-out requests on your behalf and re-submit them as data re-populates (which it will, typically within three to six months). These cost money but save significant time.
• Freeze your credit at all three bureaus. This doesn't remove broker data, but it prevents fraudulent credit applications — one of the most damaging downstream uses of exposed personal data.
• Audit your app permissions. Location permissions granted to apps that don't need them are a direct data pipeline to brokers. Review and revoke.
• Use a masked email service (Apple's Hide My Email, SimpleLogin, etc.) for retail and loyalty programs to limit cross-broker profile stitching.

The critical caveat: opt-outs are a leaky bucket. Data re-enters broker databases from new source transactions continuously. Individual action can reduce exposure but cannot eliminate it.

The Only Fix That Would Actually Work

Comprehensive federal privacy legislation — modeled on the GDPR but adapted for US legal structures — with a private right of action allowing individuals to sue for violations, would fundamentally change the broker industry's economics. Without the ability to sue, brokers face no individual-level accountability. State laws like CCPA are meaningful but incomplete: they protect Californians but not the other 280 million Americans, and they're subject to constant lobbying pressure to dilute them.

Until that legislation exists, the data broker economy will continue operating at scale, classifying Americans into lifestyle segments, pricing insurance based on inferred health, and providing stalkers with current addresses. The individual opt-out is not a solution — it's a way of managing symptoms of a structural problem that only structural change will fix.