🧠 Cyber Security 203: How Data Brokers Profit from Your Identity

And how to opt out, push back, and protect your data — UK & EU edition

You’ve never heard of them, but they know everything about you.

Data brokers sell your identity—names, browsing habits, property records, purchases, email addresses—without asking.

Here’s how they work. And how to stop them.

---

🕵️ Who Are Data Brokers, and What Do They Collect?

Data brokers are companies that collect, combine, and sell personal information about individuals—often without your consent.

They gather data from:

• 🧾 Public records

• 🛍️ Shopping habits

• 🍪 Cookie trackers and browser fingerprinting

• 💳 Financial services

• 📬 Newsletter and giveaway sign-ups

Your profile is then sold to:

• Advertisers

• Credit agencies

• Political campaigns

• Insurance companies

• Recruiters

Sources:
🔗 Kaspersky – How to stop data brokers from selling your personal data
🔗 EPIC – What Are Data Brokers?

---

🏢 Major Players in the Data Brokerage Industry

Some of the biggest names in the industry include:

• Experian – Credit bureau also selling marketing data

• Equifax – Offers predictive insights to insurers and marketers

• Acxiom – Behavioural profiling and data enrichment

• Epsilon – Tracks consumer behaviour for targeted ads

• CoreLogic – Focuses on mortgage, property, and financial history

More info:
🔗 BuiltIn – 10 Top Data Broker Companies
🔗 OneRep – Top 5 Data Brokers and Their Privacy Impact

---

🛡️ How to Opt Out (Step-by-Step)

Opting out can be time-consuming, but it’s absolutely worth it. Start here:

1. Find Who Has Your Info

Check these directories:

• 🔗 OneRep Broker List

• 🔗 JustDeleteMe

• 🔗 Privacy Rights Clearinghouse

2. Go to Their Opt-Out Page

Each broker has its own form or email process.

3. Submit the Request

You’ll often need to provide your name, email, and possibly proof of ID.

4. Confirm and Follow Up

Some brokers send confirmation emails. Check back periodically.

5. Automate the Process (Optional)

Consider tools like:

• 🔗 DeleteMe

• 🔗 Mine

---

🇬🇧 GDPR Rights You Should Be Using (UK/EU)

The General Data Protection Regulation (GDPR) empowers you to take control of your data.

Here are your key rights:

• 📝 Right to Access – Ask what personal data they have about you

• ✏️ Right to Rectification – Request corrections to inaccuracies

• 🗑️ Right to Erasure – The "Right to be Forgotten"

• ⛔ Right to Restrict Processing – Limit how your data is used

• 📢 Right to Object – Especially useful for stopping direct marketing

To exercise these:

• Contact the company’s DPO or use their GDPR request form

• State: “This is a request under Article 15 of the GDPR”

• Include ID if required

• File a complaint with the appropriate authority if ignored:

  • 🔗 UK ICO – Make a Data Complaint

  • 🔗 EDPB – European Data Protection Board

Legal references:
🔗 UK Government – Data Protection
🔗 Privacy World – GDPR Overview

---

🔗 Related Reading from The Cyber Compass

• 🧠 Cyber 106 – What’s a Digital Footprint (and How to Clean Yours Up)

• 🔍 Cyber 201 – How You’re Still Being Tracked Without Cookies

• 🛑 Cyber 105 – Public Wi-Fi & Social Engineering

---

💬 Final Thoughts

Your data isn’t just personal—it’s profitable. And you don’t get a cut.

But you do have rights. You do have tools. And you’re not alone in this.

Use the law. Use your voice. Use The Cyber Compass.

---

✒️ Until next time,

Heather Roache
Founder of The Cyber Compass
Real tools. Real insight. No fear tactics.

---