Data Brokers Face Scrutiny: Uncovering the Sellers of Your Private Information
The data broker industry in the United States operates by collecting, aggregating, and selling vast amounts of personal data from millions of Americans, often without their knowledge or meaningful consent. These companies compile data including names, contact details, demographics, purchase histories, real-time location, health information, and online behavior, then sell these profiles to, or share them with, marketers, businesses, and sometimes entities affiliated with foreign adversaries.
There is little federal oversight, leaving consumers vulnerable to privacy breaches, discrimination, and identity theft. Efforts to regulate data brokers currently occur mainly at the state level, with a patchwork of laws aimed at increasing transparency and consumer control over data.
State-Level Regulations
California has one of the strongest frameworks, requiring data brokers to provide a one-click opt-out mechanism and mandating routine audits to ensure compliance (the 2023 Delete Act, SB 362). This builds on the California Consumer Privacy Act to enhance consumer privacy rights comprehensively. Texas expanded its definition of data brokers and mandated that many more companies register and comply with consumer requests for access and deletion of data, thus broadening accountability. Vermont and Oregon have also developed strong registration laws for data brokers, although many companies avoid registering in multiple states, weakening enforcement.
Federal Regulatory Challenges
At the federal level, attempts to bring data brokers under regulation have faced significant challenges. The Consumer Financial Protection Bureau (CFPB) proposed classifying data brokers as consumer reporting agencies under the Fair Credit Reporting Act (FCRA), which would impose requirements for data accuracy, consumer consent, and access akin to regulations on credit bureaus. However, this proposal was withdrawn under the Trump administration, with legal and statutory concerns cited.
The Federal Trade Commission (FTC) is leveraging the Preventing Assassination, Drug Trafficking, Forfeiture and Abuse Act (PADFAA) to restrict data brokers from sharing sensitive personal information with foreign adversaries. PADFAA applies regardless of data volume and prohibits sharing data with countries like China, Iran, North Korea, and Russia. However, the absence of comprehensive federal privacy legislation and a dedicated data protection agency limits effective nationwide oversight, leaving the data broker sector largely self-regulated and opaque.
The Need for Comprehensive Federal Legislation
Advocates emphasize the urgent need for a comprehensive federal privacy law and stronger enforcement mechanisms to protect consumer rights and privacy. The lack of a unified federal law results in a fragmented system where privacy protections depend on the individual's ZIP code. The American Privacy Rights Act (APRA) aimed to set nationwide rules for handling consumer data, but has struggled to gain bipartisan support.
In addition to federal legislation, privacy-first technologies, such as verifiable credentials, decentralized identifiers, and on-device data wallets, can help individuals maintain control over their personal information. Building a system where privacy is the default requires stronger privacy laws to limit data collection, greater transparency from platforms and data brokers, and cross-border collaboration among regulators.
Despite these challenges, progress continues to be made at the state level. For instance, Texas passed two laws, SB 1343 and SB 2104, that expand who qualifies as a data broker under state law and require more companies to register and follow privacy rules. Oregon followed with updates in 2023, requiring clear consumer notices and stronger rules for responding to data requests.
However, the industry remains largely unregulated, with only one in ten data brokers offering a clear way for users to opt out of data sales or sharing. A 2025 study found that nearly 43% of registered data brokers in California did not respond to consumer data requests, violating the state's privacy law. The types of data traded by data brokers include home addresses, income brackets, GPS locations, voter registration records, browsing behavior, purchase history, health status assumptions, political views, and sensitive categories based on race, religion, or income level.
As the data broker industry continues to evolve, the need for comprehensive federal privacy legislation and stronger enforcement mechanisms becomes increasingly urgent to protect consumers' personal information and ensure their right to privacy.
- The data broker industry collects diverse information, ranging from personal finance details to fashion and beauty trends, home and garden preferences, food and drink habits, and more.
- California's 2023 Delete Act, SB 362, requires data brokers to provide a one-click opt-out mechanism and mandates regular audits to ensure compliance.
- Texas has expanded its data broker definition, requiring more companies to register and adhere to consumer data access and deletion requests.
- Vermont and Oregon have implemented strong data broker registration laws, although compliance can be weakened by companies avoiding multiple state registrations.
- The Consumer Financial Protection Bureau proposed classifying data brokers as consumer reporting agencies, which would impose regulations similar to those on credit bureaus, but the proposal was withdrawn under the Trump administration.
- The Federal Trade Commission uses the Preventing Assassination, Drug Trafficking, Forfeiture and Abuse Act to restrict data brokers from sharing sensitive data with foreign adversaries.
- The American Privacy Rights Act aims to set nationwide rules for consumer data handling, but has faced challenges in gaining bipartisan support.
- Privacy-first technologies, like verifiable credentials and on-device data wallets, empower individuals to control their personal information.
- As the data broker industry grows, the need for comprehensive federal privacy legislation and stronger enforcement mechanisms arises to secure consumers' personal data and uphold their privacy rights.