Data Broker
¿Qué es Data Broker?
Data BrokerA business that aggregates personal data about consumers from public, commercial, and observed sources and sells it onward — increasingly regulated under California's Delete Act, U.S. state data-broker registries, EU privacy law, and CFPB Section 1033 rules.
A data broker is a business whose primary activity is the collection, aggregation, and resale of personal information about consumers with whom it has no direct relationship. Inputs include public records (court filings, voter rolls, property), commercial sources (loyalty programs, retailers, telcos, ISPs), observed online behavior (advertising IDs, location SDKs), and people-search scrapes. Outputs range from people-finder sites to enterprise marketing, debt-collection, risk-scoring, and increasingly to private intelligence and national-security buyers. Regulation has accelerated. California's SB 362 (Delete Act, 2023) requires data brokers to register and to honour deletion requests via a single central interface starting in 2026. Vermont, Texas, Oregon, and other U.S. states maintain registries. The EU GDPR treats brokers as 'controllers' subject to data-subject rights and Article 14 information obligations even when data is collected indirectly. The U.S. CFPB has pursued data brokers under FCRA, and federal proposals continue to address bulk data sales to foreign adversaries. For privacy programs, data brokers are an underestimated source of PII and a documented vector for executive-protection and physical-safety risks.
● Ejemplos
- 01
An executive-protection team submits deletion requests to dozens of U.S. people-search data brokers via the upcoming California Delete Act central registry to suppress home-address exposure.
- 02
A privacy review of a free mobile app finds that a third-party SDK silently sells precise GPS coordinates to a location-data broker.
● Preguntas frecuentes
¿Qué es Data Broker?
A business that aggregates personal data about consumers from public, commercial, and observed sources and sells it onward — increasingly regulated under California's Delete Act, U.S. state data-broker registries, EU privacy law, and CFPB Section 1033 rules. Pertenece a la categoría de Privacidad y protección de datos en ciberseguridad.
¿Qué significa Data Broker?
A business that aggregates personal data about consumers from public, commercial, and observed sources and sells it onward — increasingly regulated under California's Delete Act, U.S. state data-broker registries, EU privacy law, and CFPB Section 1033 rules.
¿Cómo funciona Data Broker?
A data broker is a business whose primary activity is the collection, aggregation, and resale of personal information about consumers with whom it has no direct relationship. Inputs include public records (court filings, voter rolls, property), commercial sources (loyalty programs, retailers, telcos, ISPs), observed online behavior (advertising IDs, location SDKs), and people-search scrapes. Outputs range from people-finder sites to enterprise marketing, debt-collection, risk-scoring, and increasingly to private intelligence and national-security buyers. Regulation has accelerated. California's SB 362 (Delete Act, 2023) requires data brokers to register and to honour deletion requests via a single central interface starting in 2026. Vermont, Texas, Oregon, and other U.S. states maintain registries. The EU GDPR treats brokers as 'controllers' subject to data-subject rights and Article 14 information obligations even when data is collected indirectly. The U.S. CFPB has pursued data brokers under FCRA, and federal proposals continue to address bulk data sales to foreign adversaries. For privacy programs, data brokers are an underestimated source of PII and a documented vector for executive-protection and physical-safety risks.
¿Cómo defenderse de Data Broker?
Las defensas contra Data Broker combinan habitualmente controles técnicos y prácticas operativas, como se detalla en la definición.
¿Cuáles son otros nombres para Data Broker?
Nombres alternativos comunes: Information broker, People-search broker.
● Términos relacionados
- privacy№ 914
Información de Identificación Personal (PII)
Cualquier dato que permita identificar a una persona específica por sí solo o combinado con otra información, como nombres, identificadores o registros biométricos.
- privacy№ 306
Clasificación de datos
Proceso de etiquetar la información según su sensibilidad y valor para aplicar de forma coherente los controles de protección, tratamiento y retención adecuados.
- privacy№ 315
Retención de datos
Políticas y controles que definen durante cuánto tiempo se conservan las distintas categorías de datos y cuándo se eliminan, archivan o anonimizan de forma segura.
- privacy№ 1039
Derecho al olvido
Derecho del interesado a obtener la supresión de sus datos personales cuando ya no exista un motivo legal preponderante para seguir tratándolos, conforme al artículo 17 del RGPD.
- compliance№ 488
RGPD
Reglamento General de Protección de Datos de la Unión Europea que regula el tratamiento de datos personales de personas en la UE y el EEE.
- compliance№ 167
CCPA
Ley de Privacidad del Consumidor de California, ley estatal de EE. UU. que otorga derechos a los residentes de California sobre su información personal.