Data Broker
Was ist Data Broker?
Data BrokerA business that aggregates personal data about consumers from public, commercial, and observed sources and sells it onward — increasingly regulated under California's Delete Act, U.S. state data-broker registries, EU privacy law, and CFPB Section 1033 rules.
A data broker is a business whose primary activity is the collection, aggregation, and resale of personal information about consumers with whom it has no direct relationship. Inputs include public records (court filings, voter rolls, property), commercial sources (loyalty programs, retailers, telcos, ISPs), observed online behavior (advertising IDs, location SDKs), and people-search scrapes. Outputs range from people-finder sites to enterprise marketing, debt-collection, risk-scoring, and increasingly to private intelligence and national-security buyers. Regulation has accelerated. California's SB 362 (Delete Act, 2023) requires data brokers to register and to honour deletion requests via a single central interface starting in 2026. Vermont, Texas, Oregon, and other U.S. states maintain registries. The EU GDPR treats brokers as 'controllers' subject to data-subject rights and Article 14 information obligations even when data is collected indirectly. The U.S. CFPB has pursued data brokers under FCRA, and federal proposals continue to address bulk data sales to foreign adversaries. For privacy programs, data brokers are an underestimated source of PII and a documented vector for executive-protection and physical-safety risks.
● Beispiele
- 01
An executive-protection team submits deletion requests to dozens of U.S. people-search data brokers via the upcoming California Delete Act central registry to suppress home-address exposure.
- 02
A privacy review of a free mobile app finds that a third-party SDK silently sells precise GPS coordinates to a location-data broker.
● Häufige Fragen
Was ist Data Broker?
A business that aggregates personal data about consumers from public, commercial, and observed sources and sells it onward — increasingly regulated under California's Delete Act, U.S. state data-broker registries, EU privacy law, and CFPB Section 1033 rules. Es gehört zur Kategorie Datenschutz der Cybersicherheit.
Was bedeutet Data Broker?
A business that aggregates personal data about consumers from public, commercial, and observed sources and sells it onward — increasingly regulated under California's Delete Act, U.S. state data-broker registries, EU privacy law, and CFPB Section 1033 rules.
Wie funktioniert Data Broker?
A data broker is a business whose primary activity is the collection, aggregation, and resale of personal information about consumers with whom it has no direct relationship. Inputs include public records (court filings, voter rolls, property), commercial sources (loyalty programs, retailers, telcos, ISPs), observed online behavior (advertising IDs, location SDKs), and people-search scrapes. Outputs range from people-finder sites to enterprise marketing, debt-collection, risk-scoring, and increasingly to private intelligence and national-security buyers. Regulation has accelerated. California's SB 362 (Delete Act, 2023) requires data brokers to register and to honour deletion requests via a single central interface starting in 2026. Vermont, Texas, Oregon, and other U.S. states maintain registries. The EU GDPR treats brokers as 'controllers' subject to data-subject rights and Article 14 information obligations even when data is collected indirectly. The U.S. CFPB has pursued data brokers under FCRA, and federal proposals continue to address bulk data sales to foreign adversaries. For privacy programs, data brokers are an underestimated source of PII and a documented vector for executive-protection and physical-safety risks.
Wie schützt man sich gegen Data Broker?
Schutzmaßnahmen gegen Data Broker kombinieren typischerweise technische Kontrollen und operative Praktiken, wie in der Definition oben beschrieben.
Welche anderen Bezeichnungen gibt es für Data Broker?
Übliche alternative Bezeichnungen: Information broker, People-search broker.
● Verwandte Begriffe
- privacy№ 914
Personenbezogene Daten (PII)
Daten, die allein oder in Kombination mit anderen Informationen eine bestimmte Person identifizieren können, z. B. Namen, Identifikatoren oder biometrische Merkmale.
- privacy№ 306
Datenklassifizierung
Prozess der Kennzeichnung von Daten nach Sensibilität und Wert, damit Schutz-, Handhabungs- und Aufbewahrungsmaßnahmen konsistent angewendet werden können.
- privacy№ 315
Datenaufbewahrung
Richtlinien und Kontrollen, die festlegen, wie lange Datenkategorien aufbewahrt und wann sie sicher gelöscht, archiviert oder anonymisiert werden.
- privacy№ 1039
Recht auf Vergessenwerden
Recht einer Person, die Löschung der sie betreffenden personenbezogenen Daten zu verlangen, wenn keine überwiegenden rechtlichen Gründe für die weitere Verarbeitung bestehen (Art. 17 DSGVO).
- compliance№ 488
DSGVO
Datenschutz-Grundverordnung der Europäischen Union, die die Verarbeitung personenbezogener Daten von Personen in der EU und im EWR regelt.
- compliance№ 167
CCPA
California Consumer Privacy Act — US-Datenschutzgesetz des Bundesstaates Kalifornien, das Kalifornierinnen und Kaliforniern Rechte über ihre personenbezogenen Daten gewährt.