About 40% of internet users have between two and 11 points of exposed personal data online and the remaining 60% of users have at least 12 points of exposed personal data online, according to cybersecurity firm Bitdefender. Those data points can include a person’s address, date of birth, marital status and phone numbers. Some of those data points can be accessed through social media profiles, but others can be found in more innocuous websites, too.
Gennie Gebhart, the Electronic Frontier Foundation’s activism director, told CNET that if you’re involved with a community sports team, for example, you might connect your email and phone number to that team online for any number of reasons. Your information might also be attached to your child’s school, your local church or any other community organization you are associated with.
There is a whole digital ecosystem surrounding the collection, aggregation and usage of your online personal data. A lot of data is collected by what are called data brokers. There are also personal data deletion services that can help you find and delete your data from data brokers. While these services can be useful in certain situations, it’s important to understand that they aren’t “one and done” changes. The overall number and nature of data brokers means that the data deletion services are locked in a constant struggle to delete, redelete and redelete again the information about you as it returns to the online sphere, over and over.
Here’s what you should know about data brokers and personal data deletion services.
Data brokers are collecting information on you
Before we talk about data deletion services, we should talk about what data is being collected, how it’s being collected and who’s looking at it. Data brokers, also known as information brokers, are companies like Acxiom, CoreLogic and Equifax Information Services that collect and sell information about people based on their online activity. You might recognize Equifax as a credit bureau, but you might not have realized that the company also offers marketing services for businesses.
That’s probably because the data brokerage industry is highly lucrative. According to Transparency Marketing Research, the industry’s market value was over $240 billion in 2021, and it’s estimated to be worth over $462 billion in the next decade.
Data brokers collect information on you from a combination of sources, like public records and your search history. According to Norton, brokers also purchase or collect your information from other sources like credit card companies and even online sweepstakes you’ve entered.
The information collected by these brokers is sold to and used by businesses and insurance firms. According to Business Daily News, businesses use this data for a variety of reasons, like improving their customer’s experiences and refining marketing strategies. NPR reported that insurance firms use data from data brokers to help determine how much a person will pay for insurance.
That same information can also be used by people finder sites like People Finder and the US government. For example, a report by the American Civil Liberties Union of Colorado and several immigration advocacy groups alleges that US Immigration and Customs Enforcement has to circumvent states’ immigration sanctuary city laws. One data broker, called Fog Data Science, also allegedly sells the location data of American citizens to police departments, according to the EFF.
The dangers of data brokers
While some data brokers say the data they collect and aggregate is anonymized, the information can be de-anonymized. A study published in Nature Communications found that with 15 demographic data points, a person could be identified with a 99.98% certainty. That information could put you in danger of people who wish to harass you.
Health insurance companies are also buying and using this data to determine how much medical coverage a person receives. In the words of one insurance salesperson according to NPR, “God forbid you live on the wrong street these days. You’re going to get lumped in with a lot of bad things.”
Some experts even say data brokers are a threat to democracy. Justin Sherman, a nonresident fellow with the Atlantic Council, said in an interview with the CDA Institute that data brokers can be used to exploit a person’s and a country’s security.
“Foreign states can use or buy data on citizens to target disinformation campaigns,” Sherman said. “You can go buy Excel spreadsheets with this information… Do we want these companies to be able to buy up, aggregate and then sell all of this data on citizens to enable civil rights abuses, consumer exploitation, and threaten national security?”
Personal data deletion services: Helpful, but not a cure-all
So, what can you do about it? You can contact these brokers and request they delete your information from their systems. However, it can be difficult to find the opt-out forms, and you have to provide various forms of identification proving the information you are requesting them to delete is your information. The process can also take anywhere from a few days to weeks to complete. Personal data deletion services offer a way to expedite the process.
Personal data deletion services go by a lot of different names, including personal information removal services, privacy information removal services and data removal services, and include services like Incogni, Privacy Bee and DeleteMe.
These are subscription-based services that find your information on data brokers and people-finder sites and request its removal. While you can remove your data from data brokers yourself through various opt-out forms, these services handle a lot of the legwork.
The reason these services are subscription based rather than one-time uses is because data brokers and people finder sites can still get your information after it’s been deleted.
Gebhart told CNET that these services can be beneficial to people who are worried about being harassed, stalked or doxed. However, she said these services are not very efficient, and part of the reason is they don’t cover the whole internet.
According to McAfee, there are an estimated 4,000 active data brokers. Data removal services remove your information from any number of databases, but these services won’t get every instance of your information online.
Data deletion services cover a fraction of active data brokers. DeleteMe, for example, says it covers over 580 data brokers, which is high compared to other services like My Data Removal which covers more than 100 data brokers.
Some data brokers don’t allow third parties to request information be deleted on a person’s behalf, either, according to McAfee. That means you have to request these data brokers delete your information yourself — a personal data deletion service can’t do it.
There is also no way to check if data brokers comply with these requests to delete your information. Personal data deletion services, to their credit, say as much on their websites.
“We cannot guarantee that data brokers removed your personal data,” Incogni writes in an online FAQ.
“Really, the only thing you can do is monitor your data for breaches,” Privacy Bee writes on its FAQ page. “If a company is breached and your information is leaked, then you’ll have a clear indication that this company didn’t do what you asked them to do!”
Gebhart said these services are like “high-stakes Whack-A-Mole,” and noted that “there’s always going to be something they miss.” But she said using these services to protect yourself online is still a step in the right direction to guarding your information on the internet. Some states, like California and Vermont, have already passed legislation to help protect people’s online data.
“The little things you do to protect yourself make a difference,” Gebhart said. “They also send a message — the more we adopt these protective things, the more that [data brokers are] not going to be effective for advertisers and trackers.”
For more on how to protect your data online, check out these and .