For younger users and those who grew up with the internet, it’s common knowledge that any time you use a website, it is highly probable that it is collecting data on you. For instance, have you ever visited a site and seen a pop-up informing you about cookies? And we’re not talking about Fig Newtons or Oreos. Cookies in the Internet world are bytes of information on your surfing habits. Over time, the collection can paint a very revealing picture of who you are and what you prefer. Does anyone care? Cookies are one example of data collection regulated in Europe where website operators must inform users when their data is being collected and stored. Users must also be informed about how that data will be used and that they can opt out of it if they choose. However, the disclosure of cookie policies is not regulated the same everywhere. Even sites without informational pop-ups are using them, you just may not be informed about it.
This sort of data collection happens everywhere online. Meta, Google, Amazon—all of these major companies want to collect your personal data. Typically this is done for the purpose of targeted ads. The major question is how they manage to collect this data. Cookies and other first-party methods are one way, but there is a plethora of different third-party ways your data can be gathered. Perhaps one of the lesser-known methods is through data brokers.
What is a data broker? In broad terms data brokers are defined as companies that “collect and sell information about people based on their online activity.” They accumulate your data through any avenue they can, including social media accounts, credit card companies, retailers, and apps. Some of the sources are more innocuous than others and are available to anyone, such as public records, but data brokers exist to aggregate all available information. They do the legwork so that they can sell your information at a premium. In 2021 Transparency Market Research valued the global data broker market at 240.3 billion USD.
The main buyers of this data are advertisers, but that doesn’t mean they are the only buyers. Sometimes other data brokers buy information from each other, repackage it, and resell it. A 2022 lawsuit that involved the illegal sale of raw consumer data between multiple data brokers gave users some insight into how non-transparent these business practices are. “The lawsuit shows just how easily the security of people’s data can be breached when it is passed from company to company…every time that user information changes hands, the data becomes newly vulnerable.”
Other customers include government agencies. In 2020 Vice reported that the U.S. military had been buying information from data brokers that was harvested from various mobile apps. Most notably the military purchased collections of individual location data from a popular Muslim prayer app. Many users felt that the sale of their data to the U.S. military was a betrayal and a failure on all accounts by the creators of the app. That the military is collecting data on certain types of users is perhaps not surprising, but it should be worrying.
Beyond just an invasion of privacy or a breach of trust, there are other concerns with data brokers. If the information falls into the wrong hands, people can easily end up harassed, doxed, or with their identify stolen. Data breaches are a big concern when so much sensitive data is kept in one place. There are even health insurance companies that use data brokers to determine your health costs. The world of data brokers is opaque to say the least and while what they do is considered legal, it should inspire you to protect yourself.