Data Broker.

A business that aggregates personal data about consumers from public, commercial, and observed sources and sells it onward — increasingly regulated under California's Delete Act, U.S. state data-broker registries, EU privacy law, and CFPB Section 1033 rules. Относится к категории Приватность и защита данных в кибербезопасности.

A business that aggregates personal data about consumers from public, commercial, and observed sources and sells it onward — increasingly regulated under California's Delete Act, U.S. state data-broker registries, EU privacy law, and CFPB Section 1033 rules.

A data broker is a business whose primary activity is the collection, aggregation, and resale of personal information about consumers with whom it has no direct relationship. Inputs include public records (court filings, voter rolls, property), commercial sources (loyalty programs, retailers, telcos, ISPs), observed online behavior (advertising IDs, location SDKs), and people-search scrapes. Outputs range from people-finder sites to enterprise marketing, debt-collection, risk-scoring, and increasingly to private intelligence and national-security buyers. Regulation has accelerated. California's SB 362 (Delete Act, 2023) requires data brokers to register and to honour deletion requests via a single central interface starting in 2026. Vermont, Texas, Oregon, and other U.S. states maintain registries. The EU GDPR treats brokers as 'controllers' subject to data-subject rights and Article 14 information obligations even when data is collected indirectly. The U.S. CFPB has pursued data brokers under FCRA, and federal proposals continue to address bulk data sales to foreign adversaries. For privacy programs, data brokers are an underestimated source of PII and a documented vector for executive-protection and physical-safety risks.

Защита от Data Broker обычно сочетает технические меры и операционные практики, как описано в определении выше.

Распространённые альтернативные названия: Information broker, People-search broker.