Who are data brokers and how do you fight them?
Has this ever happened to you? It’s Friday night, you may have had too much wine and you find yourself browsing model ships on Amazon while listening to a podcast about the Voyager space probe and lazily googling the symptoms of Night Eating Syndrome because you’re reaaaaaaaally craving some Taco Bell right now. And the very next day your phone (as well as the phone of everyone on your WiFi) is bombarded with woodworking school ads and space pajama deals. You go check your mailbox to get away from it all only to find it full of local private clinics inviting you to free eating disorder checkups.
Of course, it has! Because it has happened to everyone. And it happens because of data brokers.
You may have never heard of them. You may not know they exist. But they sure know you. Maybe even better than anyone else in the world…
Doesn’t feel right? Take matters into your own hands!
Who are data brokers?
If we’d leave you with just the introduction, you might think that this is some kind of Sci-Fi plot. And we wouldn’t want to leave you with the wrong impression. So we can confirm right now that it definitely is. What makes it worse is that it’s happening right now!
Data Brokers are very real. And while not quite the Illuminati, they probably come the closest by actively shaping how you experience the Internet and even things outside of the Internet without ever knowing it.
So who are Data Brokers?
Well, aside from being everything wrong with the Internet, a Data Broker (aka Information Broker, Data Supplier, or Data Provider) is a business that aggregates information about people by collecting and/or buying data from other companies, scraping the Internet, and obtaining information from both online and offline sources, analyzes, cleanses, and enriches it to build a user’s personal profile. This data is then either sold, but more commonly licensed to other companies and service providers to target users, sell their own products, or generally get more information about them.
But also, yes, everything that’s wrong with the Internet.
Much like blood-thirsty vampires, data brokers rarely enter the spotlight, but they’re always there, growing by the year. So much so that the data broker industry currently generates over 200 billion dollars in annual revenue. And as the Internet keeps growing, so do the brokers.
Lately, data brokers have become pretty big in the discussion on online privacy. In large, this is thanks to Last Week Tonight with John Oliver. So here’s the full bit of the show. It’s too good to miss:
What kind of data do data brokers collect?
So the Internet knows that I am looking for couches and then bombards me with bad ads. So what?
Oh, it gets so, so, so much worse than that.
Retargeted ads are the very basic level of what data brokers can do, how they operate, and how much they know about you. In reality, the rabbit hole goes much deeper. Just some of the basic information that data brokers collect about you includes:
- Full name
- Address of residence, as well as all of your previous addresses, countries, and places of living
- Telephone numbers, email addresses, and other contact information
- Gender and age
- Marital status
- Social security number and other identifiers
- Current occupation and previous jobs
- Owned real estate
- Purchasing habits
- Records of current and past loans
- Insurance information
- Medical records
- Vehicles that you own or owned, their insurance information, and accident records
We could keep going, but this seems bad enough.
All of this information is compiled into a nice, thick file on you personally, as well as segmented into different ‘audiences‘. And those segments can then be sold in bulk to whoever is interested in, say, real estate owning singles with bad insurance records and a history of substance abuse. Why? We don’t know, but they’re likely someone’s target audience.
Where do they get this information?
Oh, that one’s simple, you actually hand over most of this information to data brokers yourself. Probably without even knowing it.
There are numerous sources data brokers collect data from. And all of them might seem perfectly innocent by themselves, but, when combined, they create your online persona. You might disagree with it, or you might find it eerily spot-on, but it hardly matters what you think. What matters is that other companies are willing to pay good money for it.
While all of the sources that data brokers gather information from will probably never be known, even the very basic level of it is enough to make your skin crawl.
Your web browsing history
Every search engine query you ever look for, every website you visit, every like on every post you leave, every quiz you take, every form you fill out, absolutely everything you do online leaves a trace.
Most websites you visit function like tiny data brokers, and they are more than willing to sell all of that information to the bigger data mining companies. These then enrich this information with similar data from thousands of other sources, compile it into a profile, and segment it into various consumer categories.
The same goes for nearly every social media platform you like and use.
We all know the Facebook scandals that happen nearly every month, and they happen for a reason – social media platforms know a great deal about you and this is exactly what makes them multi-billion dollar companies.
Social media platforms actually don’t like to share the information they have. This is their greatest asset, so they tend to keep it for themselves and sell it on their own accord. This is a different rabbit hole we won’t go down just now.
However, most of the time social media platforms don’t even have to sell anything. Millions, nay, billions of social media accounts are right there in the open for everyone to see. What data brokers do is simply scrape those accounts for any information they find useful and take it for themselves. After all, the user didn’t bother setting their account to ‘Private‘ so that must mean they wanted to share the information, doesn’t it?
Google has become our go-to answer to pretty much anything in life. More often than not, we turn to search engines for answers first and trust what we find online more than family, professionals, or scientists.
Your search history makes it a great source of information on who you are, and most importantly – what you’re looking for. So you are basically doing all the work for the data brokers.
A lot of your information is public domain. Birth and marriage certificates, divorce, court, bankruptcy, vehicle records – it’s important that all of these things remain accessible for society to function as it should. However, this can also be used in lots of different ways.
Ever wonder why your car insurance is bleeding you dry? Well, you may have been in a car accident in your twenties, and now data brokers are just sharing this information with insurance providers who then label you a high risk. Simple as that.
Switching to plastic won’t help either. All of your registered loyalty cards and coupons contribute to building your purchase history and buyer habits profile.
While stores use this information themselves, they also often sell it to third parties. And this contributes nicely to building your consumer profile, as well as studying your interests and spending habits.
These days, every single website and app collects your personal information. And if you live in Europe, you are going to have to click away cookie consent on every website you visit which is basically the website’s annoying way of getting you to sign off on being OK with your information being collected and used.
Well, at least they ask, right? Albeit in the form of annoying popups.
This information is then bought by data brokers and used to build a better file on you. Can you imagine how many websites you visit daily, how many of them have your consent, and how many of them have a little bit of information about you? These are all tiny pieces of a puzzle that is your online profile.
These are just some of the sources that data brokers use to collect, build, and segment online profiles for billions of users. And it’s not like brokers have to go door to door to ask for your information. No. What they do is scrape the Internet for your data, and within minutes they have a neat picture of who you are. At least online.
That’s all it takes.
And then? Afterward, all of this information is analyzed, enriched, and segmented into various groups. The final step of this soulless conveyor belt is selling the data to whoever’s paying. Each segment has its own price tag, and the more intimate the data, the better the broker’s paycheck.
So how much are you worth?
How do data brokers use your data?
So now you know the ‘what’ and the ‘how’. All that’s left is the ‘why’. Why is anyone interested in buying information from data brokers and for what reason?
Well, this one should be obvious. To make some money off of you, duh!
See, cold calling is difficult and has a very low success rate. But if you know that Karen is a compulsive buyer, calling her about an exclusive deal on a Weedwacker with a milk frother suddenly has better chances for success.
So, yeah, most of the time, all kinds of companies license all kinds of information to just sell you stuff. However, if that were it, data brokers could cause about as much damage as regular Facebook ads – annoying, and highly invasive, but what can you do?
Sadly, though, this is far from it. There are a lot more creative uses for the data that brokers supply. Here are just some of the better-known uses for it:
Marketing, advertising, commerce
The most obvious is still the most common use. Advertising. User data is sold to tailor and run successful ad- and marketing campaigns, customer offers, etc.
This does not, however, only apply to the online. This data can also be used in offline targeting campaigns. Ever wonder why your mailbox gets a pile of junk mail? Well, here’s your answer.
But it doesn’t even stop there. Oftentimes information from data brokers is used during election campaigns by political parties to sway your decision in their favor. And here you were thinking it’s all about selling you things…
One of the legitimate reasons data brokers like to mention for their shady business is data fraud.
Lots of businesses, especially banks, insurance companies, and various financial institutions seek the services of information brokers to cross-reference the data you provide them with. The official reason for this is to avoid fraud and to conduct thorough background checks.
Fraud detection isn’t the only reason financial companies turn to data brokers though. Disguised as fraud detection is risk mitigation where companies use this data to calculate individual loan rates and risks.
For example, a sporadic purchase history may indicate that the person has a spending problem and likely has a lot of debt. And this would mean that he is more likely to default on a loan he is seeking to take. With this information in hand, banks are less inclined to approve a loan or set sky-high rates.
But it doesn’t necessarily mean something bad. An active gym membership or a loyalty card with a health food store would probably mean lower premiums on health insurance. So ‘yay’?
People search sites
One of the more egregious ways information supplied by data brokers can be used are people search sites.
Sites like Pipl, PeekYou, Spokeo, and many others let you look up people and get very personal information about them such as addresses, phone numbers, personal data, and much more. Information you’d probably want to keep out of the hands of randoms. These services are not free either and usually come for a price.
The data found on these kinds of websites is also usually supplied by data brokers.
These might be the most common clients for data brokers but it’s far from all of them.
Strictly speaking, anyone can license information from data brokers and use it for anything that’s technically legal. If you check out any of the big data broker customers, they range from some of the biggest world banks to media groups, to watch and man-purse retailers.
Everybody wants to know who you are.
Why is this bad?
The fact that there is someone out there carefully collecting every trace you leave behind on the web still might not seem that bad. Creepy, sure, but still not that bad.
However, this comes from not being fully aware of what data brokers can get their grubby little mitts on. The juiciest as well as most lucrative information they’re after lies far beyond the couch you want to buy, and includes:
- Medical information, diseases, and conditions you may have
- History and struggles with various substance abuse
- Mental issues, such as depression, and anxiety
- Shopping habits and patterns
- Charity contributions
- Specific civic status at this moment in time
So how would you feel if anyone could rummage through, say, your medical records?
And while it might seem that the only use this information has is selling you things, in actuality it does much more than spam you with ads. In the right… well, wrong? In the right wrong hands, this information is used to manipulate you, your perceptions of yourself and the world around you, and your entire reality. All so you could buy the ‘right‘ things, get the ‘right‘ treatment you might not even need, and even vote for the ‘right‘ candidate.
Seems like something straight out of George Orwell, doesn’t it?
But here it’s called “Better customer experiences through the ethical use of data and technology” (the slogan of Acxiom, one of the world’s biggest data broker companies).
How is any of this even legal?
This is the most pressing question when it comes to information brokers. And the first thing people naturally turn to is legislation. The law has to protect your privacy, right?
Well, generally speaking, yes, however, legislation is often vague on the matters of online information. So even though data brokers do run a shady business, it is technically possible for them to get everything they want about you without overstepping legal boundaries.
The EU has GDPR (General Data Protection Regulation) – the law that forces every online company to get the user’s consent in order to collect their data. This is why you see all of those cookie consent popups everywhere. This law also allows the user to request the deletion of their data from any company.
However useful, nobody actually reads consent forms and is eager to click the annoying popups away. Comfort gets in the way of privacy.
On top of that, any law of this kind is unavoidably vague. GDPR, for example, defines one of the core bases for data collection as “legitimate interest”. This has led to many speculations on what this actually means, leaving a lot of opportunities for data miners and information suppliers to take advantage of the law.
The US has it worse since there is no one law about user data protection. US legislation also varies by state. And this can range from somewhat strict to a data mining free-for-all.
And these are still ‘good‘ examples, where the law at least tries to take care of the user’s online privacy. Most other countries, unfortunately, still don’t have any kind of online data protection laws.
But, to be honest, even if they did, it would hardly matter.
Is my phone listening to me?
OK, couches aside, how is it possible for data brokers to get their hands on your medical information? That’s private, right?!
Right. But this only concerns what you tell your doctor. Not WebMD.
See, your medical records might be private, but your Google searches are not. And how many of us google signs of depression, or the 6 ways to combat anxiety, or eating disorder symptoms? How many of us have tried a free app to quit some nasty habit? Or followed a baby blogger on social media? Or signed a petition? Donated to a pet shelter? Or had too much wine one night and were looking at model ships on Amazon (it was one time, Karen!)?
This is more than enough for data brokers.
This information might arguably be more valuable to data brokers than actually seeing your medical records. With this kind of data, companies can play to your fears, uncertainties, and intimate desires that you think no one knows about because you think there’s no one around. And using this information they can coax you into a crippling model ship collecting hobby.
Whether it is the Weedwacker 5000, a prescriptionless weight-loss pill, or your next mayor, these might very well not be your choices to make anyone.
Data brokers collect and store massive amounts of personal data about you. That much is clear. But they claim to use it ‘ethically’ (whatever that means) and only share it with trustworthy businesses.
So if it’s this bad already, can you imagine what would happen if that kind of personal data would fall into the wrong hands? Good thing they are probably taking really good care of it…
Well, not exactly.
Some of the biggest data brokers have been hit by devastating data breaches, exposing sensitive information about millions, billions of users. Here are just some of the worst leak examples:
- Acxiom – one of the biggest data brokers has been hit by a massive data breach in 2003, exposing over 1.6 billion records. The incident happened again in 2020 when a leak exposed 51 million accounts.
- Equifax exposed records of 147 million users in 2017 and had to pay over 425 million dollars in settlement.
- Experian leaked over 10 million user records in 2015.
- Epsilon, one of the other leading data brokers, was also hacked leaking the data of millions of users.
When a data broker leaks its database, the victim remains completely exposed. And if you thought brokers were bad, a leak can expose your most sensitive information to straight-up criminals.
What happens after depends on what information data brokers stored and who got their hands on it. Breaches can result in anything from simple spam attacks, to phishing and spear phishing attempts, to even real-life scams and robberies.
Is there anything you can do?
This is still not the plot of a new Black Mirror episode. This is the reality you find yourself in daily. And if your skin is crawling reading this, that’s good. It means you still have a pulse.
So, the next logical question should be: What can you do to stop it?
Well, if going completely off the grid and living in a faraday cage off of homegrown tomatoes is not an option, not much. Data brokers operate in a semi-legal field, which means you can’t legally stop them from gathering information about you. At least, not in the moment.
However, there are certain things you can do right now to start taking back your online privacy.
Take your data off the market
You might not be able to stop data brokers from gathering your personal information, but you can stop them from keeping it.
Information suppliers work in the grey area of the law, but it’s still the law. So they must comply with it. And this is something you can use to your advantage by taking the fight to them in the form of data removal requests.
Legally speaking, data brokers have to remove any mention of you from their system if hit by a legal request. And this is the best, and probably the only way to keep your data out of the hands of the brokers.
However, as nice as this sounds, this system does have a few weak points:
- There are too many data brokers and companies that store records about.
- Filing data removal requests is a lengthy and complicated legal process.
- This takes a lot of time.
- As soon as your data is removed, no one is stopping data brokers from collecting it all over again, so you are going to have to repeat this process constantly.
Then again, there are services specifically made to help you.
Incogni, built by Surfshark – one of the world’s leading VPN providers – is an online service that is specifically designed to trace the information data brokers have on you and request data removal on your behalf. Continuously.
Signing up with Incogni takes about two minutes, and they instantly start handling all of the legal stuff on your behalf. For as long as you remain a subscriber.
So if you ever wanted to take your data off the market, this is the way to do it!
Use a VPN
Speaking of VPNs, you should use one.
Contrary to popular belief, VPNs can’t protect you completely. A lot of the time you have to subscribe to a service or comply with data collection to use it. A lot of your data is also gathered from offline sources, and there’s no controlling that.
However, a VPN can significantly lower the volume of data information brokers have on you.
In order to collect, study and store your online habits, data brokers have to trace your online activities. A VPN gives them a fake IP address, encrypts your data, and routes your connection through one of its own remote servers in Sasquatchastan or something leaving no trace of you on the web aside from the one you choose to leave.
Take matters into your own hands
Finally, you can take matters into your own hands and do everything yourself.
This isn’t easy, but it’s well worth it if you are into protecting your online privacy:
- Study the brokers that have your personal information and their privacy policies. Lists of well-known data brokers, such as Privacy Rights Clearing House, is a good place to start.
- Contact the companies that have your information.
- File data removal requests.
- Continue monitoring the situation and make sure your data stays off the market.
Other things you can do
There are some other things you can do to improve your online privacy. It might not keep your data out of the hands of brokers, but it will make fewer data available to them.
There are some of the things you can do:
- Removing some of your personal information from social media, such as birth dates which are often used as anchor points for brokers.
- Set your social media accounts to private.
- Remove and generally avoid free and unnecessary apps.
- Do not partake in online quizzes, lotteries, questionnaires, and the like which are often used for data mining.
- Use a tracker- and ad-blocked.
- Use temporary or throwaway email accounts to subscribe to various services.
You have the right to your data
We are huge privacy nuts. And it feels like privacy, anonymity and personal digital space have been phased out in favor of comfort, and data brokers tricking us into thinking that this is how it’s supposed to be.
Well, it’s not. And we’re on to you, data brokers.
This was just a little reminder that your data is valuable, you are valuable. And as much as your private property, your valuables, and things you own, no one should be able to randomly take your personal information and use it for their own gain. Your information is and should always be your own.
So next time you are tempted to take an online quiz on what kind of clown you are, remember that someone, somewhere, somehow will sell this data. Or better yet, sign up with services such as Incogni and check out just how many companies in the world store information on you and make them remove it.