Data Broker.

A business that aggregates personal data about consumers from public, commercial, and observed sources and sells it onward — increasingly regulated under California's Delete Act, U.S. state data-broker registries, EU privacy law, and CFPB Section 1033 rules. 它属于网络安全的 隐私与数据保护 分类。

A business that aggregates personal data about consumers from public, commercial, and observed sources and sells it onward — increasingly regulated under California's Delete Act, U.S. state data-broker registries, EU privacy law, and CFPB Section 1033 rules.

A data broker is a business whose primary activity is the collection, aggregation, and resale of personal information about consumers with whom it has no direct relationship. Inputs include public records (court filings, voter rolls, property), commercial sources (loyalty programs, retailers, telcos, ISPs), observed online behavior (advertising IDs, location SDKs), and people-search scrapes. Outputs range from people-finder sites to enterprise marketing, debt-collection, risk-scoring, and increasingly to private intelligence and national-security buyers. Regulation has accelerated. California's SB 362 (Delete Act, 2023) requires data brokers to register and to honour deletion requests via a single central interface starting in 2026. Vermont, Texas, Oregon, and other U.S. states maintain registries. The EU GDPR treats brokers as 'controllers' subject to data-subject rights and Article 14 information obligations even when data is collected indirectly. The U.S. CFPB has pursued data brokers under FCRA, and federal proposals continue to address bulk data sales to foreign adversaries. For privacy programs, data brokers are an underestimated source of PII and a documented vector for executive-protection and physical-safety risks.

针对 Data Broker 的防御通常结合技术控制与运营实践,详见上方完整定义。

常见的别称包括: Information broker, People-search broker。