Why data brokers build dossiers on you, and how to stop them doing so

Thousands of companies exist for one purpose only: to collect and resell information about each of us. How do they do it, how can you limit data collection, and how do you delete what’s already been collected?

How to remove your information from personal data brokers' databases

Data brokers compile extensive dossiers on you to resell later. They’re interested in all of us — hundreds of millions of folks worldwide — and they don’t ask for our permission or pay us any compensation. Most of these companies aren’t well known, and you’ve likely never had any direct contact with them. But there are around a thousand of them in the U.S. alone, and five times as many worldwide. This market was estimated at nearly $300 billion last year. Data brokers’ clients include banks checking credit history, retailers looking for new customers, intelligence agencies, and many other organizations that need detailed data on individuals.

What do data brokers collect, and where from?

Data brokers collect anything and everything they can get their hands on. Most often:

  • Personal information: full names, physical addresses, dates of birth, phone numbers, email addresses, identification numbers (passports, driver’s licenses, social security numbers, etc.)
  • Age, gender, origin, marital and financial status, level and type of education
  • Number and type of pets
  • Car make and mileage
  • Geolocation data: likely places of work and residence, favorite stores, entertainment spots
  • Details on online and offline purchases, membership in retailer loyalty programs, favorite brands
  • Detailed financial information: creditworthiness, number and types of accounts, deposits, investments, mortgages, credit card habits, bankruptcy data
  • Online behavior data: favorite websites, types of content frequently viewed on social media, hobbies, recently viewed ads, etc.
  • Health information, including data on medication purchases, online symptom searches, data from fitness apps
  • Habits, interests, political and religious beliefs, favorite media outlets
  • Social connections: family members, coworkers, friends

To compile such an intimidatingly detailed file, brokers download any publicly available data (social media profiles, business registries, real estate registries, online classified ads), request information from credit bureaus, and buy data from each other. They also purchase data from loyalty programs, and analytics from gadget vendors. And they collaborate with online advertising and tracking firms — especially those that place ads in mobile apps.

All this information is cross-referenced using recurring identifiers (email addresses, phone numbers, names and addresses, ID numbers) to enrich each profile.

What’s so bad about data collection?

Collected and resold data has an invisible yet significant impact on your life. Why were you denied a loan, or why did your insurance premium go up? How come real estate agents have your phone number when you only decided to buy a house yesterday? According to a U.S. Senate committee investigation, some data brokers’ collections are clearly designed to exploit people’s difficult circumstances. The names of these datasets speak for themselves: “Rural and Barely Making It”, “Retiring on Empty: Singles”, and “Tough Start: Young Single Parents”. Information like this is often purchased by payday loan providers. Other collections are ominously named too, such as “Individuals who recently visited abortion clinics”.

In an extreme example from 2025, a killer bought data on victims’ residential addresses from publicly available data broker websites to track and assassinate political targets in the U.S.

The same Senate investigation highlights that brokers usually operate in secrecy. They collect data without directly interacting with consumers, often hide their data sources, and prohibit their buyers from revealing where contact lists were obtained.

Note that data brokers, like any other companies, are vulnerable to cyberattacks. When they’re breached, the data they’ve collected falls into the hands of true cybercriminals. The scale of the consequences for victims of a data breach can be illustrated with just one case: last year, hackers stole a database containing 2.7 billion records from a company named National Public Data. The records included full names, addresses, dates of birth, phone numbers, and social security numbers (SSNs). It’s believed that the breach affected every US citizen or resident with an SSN!

The challenges of getting your data removed

While the world is gradually introducing legislation to force data brokers to comply with user requests to find and remove personal information, the process can be quite challenging in practice.

  • There’s no centralization. You have to search for your own data on each data broker’s website and make separate removal requests.
  • Even locating data brokers — not to mention the page on their website where you can make a request — can be fraught with difficulty. According to a recent study by The Markup, in California alone — where local legislation mandates centralized registration of data brokers and requires data removal upon a user request under the CCPA — 35 out of 499 registered data brokers prohibited search engines from indexing and displaying their data removal pages. The removal link itself is often buried deep in the website’s footer or elsewhere (in one case it was found on page 15 of the privacy policy).
  • Information removal requests are often complex and consist of multiple steps. They may even require more personal data from you to prove that you are indeed you, and you have the right to submit a request. A study by UC Irvine highlighted some exotic methods of identity verification, such as providing your zodiac sign or your monthly car loan payment amount. If the request isn’t worded correctly or the verification data isn’t provided, the request is ignored.
  • The same study found that, out of 454 information removal requests submitted, 195 (43%) were ignored.

How to actually remove yourself from data brokers’ databases

If you’re up for a challenge, arm yourself with both patience and a spreadsheet (in Excel or similar), and follow our instructions:

  • First, identify the data brokers you want to contact. You can find a full up-to-date list from the Privacy Rights Clearinghouse, but it’s heavily focused on U.S.-based companies. While they’re the biggest players in the market, be sure to find brokers specific to your region as well.
  • Create and save a standard template for your removal request email. The message should include your key personal details and reference the applicable laws in your case: CCPA for California residents; GDPR for the EU; UK-GDPR for the UK; LGPD for Brazil; 152-FZ for Russia. Even if you don’t live in one of these regions, you can still reference CCPA or GDPR — some providers will honor the request without verifying if the law directly applies to you.
  • For each data broker, locate the page for submitting a request, which might be named “Opt Out”, “Do Not Sell”, “Privacy Request”, “Right to Delete”, “Right to Be Forgotten”, or something along those lines. Your best bet is to start by looking for small-print links in the footer of the web page. If you can’t find anything there, check the privacy policy section. You can also try a Google search.
  • Carefully review the broker’s specific requirements. If they require you to send a request via email, simply send your template to the provided address. If an online form is required, fill in the fields using snippets from the same template.
  • In your spreadsheet, indicate the name of the broker, the date you submitted the request, and the URL of the request page (so you don’t have to search for it again).
  • Be patient — a response (if you get one at all) could take up to six weeks. This is where your spreadsheet comes in handy — you can use it to track response times and send follow-up requests as needed.
  • For those who lack the time or patience, there are paid services that can automatically send these requests for you.
  • Most importantly, this isn’t a one-time process. Data about you is constantly being collected and sold to brokers, so you should go through the same list again every three to six months.

How to stay off data brokers’ lists in the first place

It’s near impossible to avoid getting noticed by data brokers altogether, but you can minimize the amount of data they collect.

  • Use multiple email addresses and phone numbers. One for communicating with friends, family, banks, and government agencies. A different one for online stores and non-essential services. You can even use more than two email addresses.
  • Provide minimal information to loyalty programs.
  • Go through the settings in your online banking apps and on your favorite e-commerce sites. Make sure you’ve turned off all permissions in sections like “Marketing Data”, “Advertising Preferences”, and “Partner Offers”. Feeding data to brokers is often disguised under phrases like “Show me ads based on my interests”.
  • Turn off and reset advertising IDs on your smartphone.
  • Disable location tracking for most of your apps.
  • Use the privacy settings in social networks and messaging apps.
  • Use a private browser or an app that protects against online tracking. Special privacy features are available in Kaspersky Premium.
  • Take advantage of our free Kaspersky Privacy Checker service to adjust your privacy settings everywhere — from social networks to operating systems.
  • Subscribe to our read our Telegram channel to be the first to learn about new threats to your privacy and how to combat them. For example, we'll soon be publishing detailed instructions on how to minimize and clean up your digital footprint (for both adults and minors).

Other posts about how your personal data is collected and how to fight back:

Tips
  • For all other countries