Compliance Glossary

What is a Data Broker?

Definition

A data broker is a business that knowingly collects and sells to third parties the personal information of consumers with whom it does not have a direct relationship. Under CCPA/CPRA, data brokers must register with the California Attorney General and comply with heightened consumer rights requirements.

In Depth

Data brokers occupy a unique position in the privacy landscape because they aggregate personal information from public records, commercial sources, and other data providers to create detailed consumer profiles sold for marketing, risk assessment, and people search purposes. Under California law (Civil Code Section 1798.99.80), data brokers must register annually with the Attorney General and pay a registration fee. CPRA introduced the California Delete Act (SB 362), which created a one-stop deletion mechanism allowing consumers to request that all registered data brokers delete their personal information through a single request. Data brokers face additional obligations including heightened transparency about their data practices, restrictions on selling data of consumers who have opted out, and potential penalties for failing to register or comply with deletion requests. For organizations that share data with data brokers, CCPA requires that these relationships be disclosed in privacy notices and that opt-out mechanisms cover data flows to brokers. The evolving regulatory landscape suggests increasing scrutiny of data broker practices, making compliance in this area particularly important.
