Data brokers are companies that quietly collect personal information about you — your name, address, age, income, shopping habits, and much more — package it into a profile, and sell it to anyone willing to pay. Most people have never heard of the biggest ones, never agreed to be included, and have no idea their information is being traded. And in the United States, almost all of it is perfectly legal.
Here's how the industry works, why the law allows it, and what you can do about it.
What is a data broker?
A data broker is a business that collects personal information about people from many sources, combines it into detailed profiles, and sells or licenses that information to other companies, marketers, and even government agencies — usually without any direct relationship with the people in its database.
That last part is what makes data brokers distinct. You might knowingly hand your data to a store loyalty program or a social network. A data broker is the company three steps down the chain that buys, scrapes, and merges that data with hundreds of other sources to build a dossier on you that it then resells.
The industry is enormous. The global data broker market was valued at roughly $290 billion in 2025 and is projected to keep growing at about 7% a year, and the largest brokers hold records on billions of people worldwide.
What kinds of companies are data brokers?
People-search sites are the data brokers most consumers run into. Sites like Spokeo, BeenVerified, Intelius, Radaris, and TruthFinder publish your name, current and past addresses, phone numbers, relatives, and more — often free to preview and cheap to unlock. These are the listings that make you feel exposed when you Google yourself, and they're the category that personal-data-removal services like Papaya Privacy focus on.
What information do data brokers collect?
Data brokers collect far more than a name and address. A single profile can contain thousands of individual data points.
Typical fields include your age, gender, marital status, household income, estimated net worth, home ownership and property value, occupation, education, political affiliation, religious affiliation, ethnicity, the names of your relatives and neighbors, your purchase history, the apps on your phone, and inferences about your health interests, hobbies, and life events like having a baby or moving.
The unsettling part is that brokers don't just store facts — they infer. By combining data sets, they guess at things you never disclosed, such as whether you're likely pregnant, in financial distress, or managing a chronic illness. Some of these inferences are simply wrong, but they get packaged and sold right alongside the details that are accurate, and there's no easy way to separate the two. That's why the most effective approach is to remove all of it rather than try to correct records one at a time.
Where do data brokers get your data?
Data brokers pull from three main streams: public records, commercial data, and online tracking.
Public records are exactly what they sound like — government files that are legally open to inspection. These include property and tax records, court filings, voter registrations, professional licenses, marriage and divorce records, and business filings. Brokers harvest these in bulk.
Commercial data comes from companies you do business with: retailers, loyalty programs, magazine subscriptions, warranty cards, and apps that sell or share what they collect. Much of this is buried in privacy policies you accepted without reading.
Online and mobile tracking is the fastest-growing source. Cookies, advertising IDs, and embedded trackers follow you across websites and apps. Some of the most sensitive data comes from mobile location feeds and real-time bidding exchanges — the millisecond ad auctions that happen when a page loads — which can leak precise location and browsing data to brokers.
How do data brokers make money?
Data brokers make money by selling access to their profiles — through one-time data sales, ongoing licensing subscriptions, audience targeting for advertisers, and lookup services for businesses that want to verify or screen someone.
A people-search site might charge a consumer a few dollars for a single report. A marketing broker might license a segment of "new parents in Ohio earning over $80,000" to an advertiser. A risk broker might charge a landlord or insurer per background lookup. The same underlying data gets sold many times over, which is what makes the margins so attractive.
Is it legal for data brokers to sell my personal information?
Yes. In the United States, it is generally legal for data brokers to collect and sell your personal information, and it has been for decades. The reason is simple: there is no comprehensive federal privacy law that broadly restricts the practice.
Unlike the European Union, which regulates personal data under the GDPR, the U.S. has a patchwork of narrow, sector-specific laws. If your data doesn't fall into one of those specific buckets, collecting and selling it is largely unregulated by default.
How do you remove your information from data brokers?
You have two practical options: do it yourself, or use a removal service.
Doing it yourself means finding each broker that lists you, locating its opt-out page, submitting a request (often with identity verification), and repeating the process every few months as your data reappears. It's free, but it's a real time commitment across hundreds of sites.
A continuous removal service automates the process: it scans the major data broker and people-search sites, files opt-out requests on your behalf, and keeps monitoring so your information stays down as brokers try to re-list it. This is the core of what Papaya Privacy does — scanning 350+ data broker and people-search sites, removing your exposed information, and monitoring for new exposures and dark-web breaches so you don't have to manage it yourself.
The bottom line
Data brokers operate legally in the U.S. because the law was built around specific industries, not around the simple act of buying and selling personal information — and the industry grew up in that gap. Until privacy protections catch up, the burden of keeping your information private mostly falls on you — which is why removing your data from the sites that expose it is the most effective step you can take today.
