Skip to content
Vol. 1 · Ed. 2026
CyberGlossary
Français
Entry № 305

Data Broker

Qu'est-ce que Data Broker ?

Data BrokerA business that aggregates personal data about consumers from public, commercial, and observed sources and sells it onward — increasingly regulated under California's Delete Act, U.S. state data-broker registries, EU privacy law, and CFPB Section 1033 rules.

A data broker is a business whose primary activity is the collection, aggregation, and resale of personal information about consumers with whom it has no direct relationship. Inputs include public records (court filings, voter rolls, property), commercial sources (loyalty programs, retailers, telcos, ISPs), observed online behavior (advertising IDs, location SDKs), and people-search scrapes. Outputs range from people-finder sites to enterprise marketing, debt-collection, risk-scoring, and increasingly to private intelligence and national-security buyers. Regulation has accelerated. California's SB 362 (Delete Act, 2023) requires data brokers to register and to honour deletion requests via a single central interface starting in 2026. Vermont, Texas, Oregon, and other U.S. states maintain registries. The EU GDPR treats brokers as 'controllers' subject to data-subject rights and Article 14 information obligations even when data is collected indirectly. The U.S. CFPB has pursued data brokers under FCRA, and federal proposals continue to address bulk data sales to foreign adversaries. For privacy programs, data brokers are an underestimated source of PII and a documented vector for executive-protection and physical-safety risks.

Exemples

  1. 01

    An executive-protection team submits deletion requests to dozens of U.S. people-search data brokers via the upcoming California Delete Act central registry to suppress home-address exposure.

  2. 02

    A privacy review of a free mobile app finds that a third-party SDK silently sells precise GPS coordinates to a location-data broker.

Questions fréquentes

Qu'est-ce que Data Broker ?

A business that aggregates personal data about consumers from public, commercial, and observed sources and sells it onward — increasingly regulated under California's Delete Act, U.S. state data-broker registries, EU privacy law, and CFPB Section 1033 rules. Cette notion relève de la catégorie Confidentialité et protection des données en cybersécurité.

Que signifie Data Broker ?

A business that aggregates personal data about consumers from public, commercial, and observed sources and sells it onward — increasingly regulated under California's Delete Act, U.S. state data-broker registries, EU privacy law, and CFPB Section 1033 rules.

Comment fonctionne Data Broker ?

A data broker is a business whose primary activity is the collection, aggregation, and resale of personal information about consumers with whom it has no direct relationship. Inputs include public records (court filings, voter rolls, property), commercial sources (loyalty programs, retailers, telcos, ISPs), observed online behavior (advertising IDs, location SDKs), and people-search scrapes. Outputs range from people-finder sites to enterprise marketing, debt-collection, risk-scoring, and increasingly to private intelligence and national-security buyers. Regulation has accelerated. California's SB 362 (Delete Act, 2023) requires data brokers to register and to honour deletion requests via a single central interface starting in 2026. Vermont, Texas, Oregon, and other U.S. states maintain registries. The EU GDPR treats brokers as 'controllers' subject to data-subject rights and Article 14 information obligations even when data is collected indirectly. The U.S. CFPB has pursued data brokers under FCRA, and federal proposals continue to address bulk data sales to foreign adversaries. For privacy programs, data brokers are an underestimated source of PII and a documented vector for executive-protection and physical-safety risks.

Comment se défendre contre Data Broker ?

Les défenses contre Data Broker combinent habituellement des contrôles techniques et des pratiques opérationnelles, comme détaillé dans la définition ci-dessus.

Quels sont les autres noms de Data Broker ?

Noms alternatifs courants : Information broker, People-search broker.

Termes liés