Skip to content

Understand the ecosystem

What Is a Data Broker, and What Do They Do?

A calm, factual explainer on the companies that collect and trade personal information — what they are, where their data comes from, and the rights you already have.

In short

A data broker is a company that collects personal information about people — usually from public records and openly available online sources — and organises it into profiles that it licenses or sells to others. Most people never deal with brokers directly, but you have rights to ask one what it holds about you.

What a data broker is

A data broker is a business whose product is information about people. It gathers personal details from a range of sources, organises them into profiles, and then licenses or sells access to those profiles to other organisations — for purposes such as marketing, identity checks, or background screening. The defining feature is simple: you are usually not the broker's customer, you are the subject of the records it trades.

Brokers go by many names — data aggregators, list brokers, people-search sites, or information services. What they share is a business model built on assembling personal information at scale. Most people have never knowingly given a broker their details, yet a profile may still exist, because the information is gathered indirectly rather than collected from you face to face.

It helps to be calm and factual here. A data broker is not watching you or doing anything secret in real time — it is compiling information that, for the most part, already exists in public and commercial sources. Understanding that this ecosystem exists is the first step toward knowing what rights you have within it.

  • The product is personal information about people, not a service sold to those people.
  • You are typically the subject of the records, not the paying customer.
  • Profiles are assembled from existing sources rather than collected from you directly.

Where their information comes from

Most of what a data broker holds is drawn from openly available sources. Public records are a common starting point — electoral or registration rolls, company filings, property and court records, and similar documents that are open by law or convention. To this, brokers may add information from publicly visible online activity, directories, and details that organisations have shared under their own terms.

Brokers then combine these fragments. A single record from one source may say little, but matched against others it can build a fuller picture: a name linked to an address history, an approximate age, household details, or inferred interests. This matching and enrichment is the core of the work, and it is why a profile can feel more complete than any one source you remember.

Because the inputs are spread across many places, it is often hard to know exactly what any one broker holds — which is precisely why a formal right to ask exists. Seeing the picture is not about alarm; it is about being able to check, calmly, what has been assembled and decide whether you want to act.

  • Public records — registration rolls, company filings, property and court records.
  • Publicly visible online information and directories.
  • Details shared by organisations under their own terms, then matched and combined.

Your rights, and how to use them

You are not a passive subject in this ecosystem. Under the UK GDPR, the right of access (Article 15) lets you ask an organisation — including a data broker operating in or serving the UK — to confirm whether it holds personal data about you and to give you a copy, along with information about where it came from and how it is used. This is done through a Data Subject Access Request (DSAR).

If you would like certain information removed, the right to erasure (Article 17) lets you ask an organisation to delete personal data about you in certain circumstances. Whether erasure applies depends on the situation and the lawful basis the organisation relies on, so it is a request you make and they assess — not an automatic outcome. The decision rests with whoever holds the data.

OSINTA is a self-only tool: it helps you understand your own footprint and frame and route your own requests, with your findings in front of you, and you decide every step. It does not remove data for you, does not watch anyone, and cannot promise an outcome, because that rests with the organisation you contact. This is general information, not legal advice; if you are unsure about your specific situation, consider speaking with a qualified professional or your data-protection regulator, the Information Commissioner's Office (ICO).

  • Right of access (Article 15) — ask what a broker holds, via a DSAR.
  • Right to erasure (Article 17) — ask for certain data to be deleted, where the rules allow.
  • You decide each step; nothing is done on your behalf without your say-so.

Frequently asked questions

Is a data broker the same as my digital footprint?

No. Your digital footprint is the open, already-public trail of information about you across the internet. A data-broker profile is something a company actively assembles and sells — it combines personal information, often from public records and online activity, into a record it licenses to others. Your footprint exists in many places; a broker's profile is one organisation's compiled version of part of it.

How do I find out if a data broker holds information about me?

You can make a Data Subject Access Request (DSAR) — your right under the UK GDPR (Article 15) to ask an organisation for a copy of the personal data it holds about you. A short written request to the broker's privacy contact is enough; it should confirm what it holds, where it came from, and how it is used, usually within one calendar month.

Can I get my information removed from a data broker?

Sometimes. The right to erasure (Article 17) lets you ask an organisation to delete personal data about you in certain circumstances, and many brokers also offer their own opt-out or removal processes you can use directly. Whether removal applies depends on the situation, so it is a request you make and they assess — no tool can guarantee the outcome, because that decision rests with the organisation holding the data.

Are data brokers legal?

Operating as a data broker is not unlawful in itself, but brokers that handle personal data of people in the UK must comply with data-protection law, including the UK GDPR. That law gives you rights — such as access and, in certain cases, erasure — and gives the Information Commissioner's Office (ICO) a role in oversight. This is general information, not legal advice.

Related terms

This is general information, not legal advice. For guidance on your own situation, consider speaking with a qualified professional.

Reviewed by OSINTA's founding lawyer — 2026-06-27.

See what your data rights look like in practice

OSINTA helps you understand your own footprint and exercise your own rights — you stay in control of every step. There is no rush and no pressure.

See the DSAR guideJoin the waitlist