A data broker doesn’t know your stalker. It doesn’t care. It sells your home address, phone number, workplace, and daily patterns to whoever pays, and the industry’s record shows it has very little interest in asking why.
This is not a hypothetical problem. Cases where personal data obtained from people-search sites enabled harassment, stalking, and violence have been documented by journalists, researchers, and law enforcement agencies. The structural issue is simple: these services aggregate publicly available records and sell them in a form that would otherwise take significant time and skill to compile. They lower the barrier to finding someone who doesn’t want to be found.
What a Data Broker Actually Does
The term “data broker” covers a range of companies, but the relevant category here is consumer data aggregators, companies like Spokeo, Whitepages, BeenVerified, and dozens of others that compile profiles on individuals from public records, social media, commercial databases, and purchased data sets.
A typical data broker profile contains: full name, current and previous addresses, phone numbers, email addresses, relatives’ names and contact details, estimated age, property records, and sometimes employment history or court records. This information is sold as-is or offered through subscription search services accessible to anyone with a credit card.
The primary market is ostensibly background checks and reconnecting with lost contacts. The actual buyers are more varied, and the industry has no meaningful mechanism to screen intent.
The Stalking Connection
The link between these databases and stalking and harassment is well documented at the policy level. The US Federal Trade Commission has published multiple reports on industry practices, noting the absence of meaningful consent mechanisms and the challenge of opting out. Privacy researchers at academic institutions have repeatedly demonstrated how easily a people-search profile can be assembled into a comprehensive surveillance package.
The specific harm pattern is straightforward: a person attempts to leave a relationship or a job, moves to a new address, changes their phone number. Without these services, rebuilding physical anonymity is achievable, not easy, but achievable. With them, a current address can be found in minutes from a previous address, through family member listings, or through property records that updated automatically when a mortgage was recorded.
Domestic violence organisations have flagged this problem explicitly. The National Domestic Violence Hotline and similar organisations include opt-out guidance from these services in their safety planning resources, an implicit acknowledgment that removing oneself from these databases is now part of physical safety planning, not just digital hygiene.
The Regulatory Gap
The United States has no comprehensive federal law governing data broker activity. California’s Consumer Privacy Act (CCPA) gives California residents the right to request deletion of their data from companies that meet certain thresholds. The EU’s GDPR provides broader “right to erasure” protections for European residents. But for most Americans, the only mechanism for removal is the individual opt-out systems maintained by each broker, often deliberately cumbersome, requiring different formats per site, and sometimes expiring after a few months.
Researchers have counted over 200 people-search sites operating in the US. A manual opt-out campaign, even if executed perfectly, takes dozens of hours and provides only temporary relief. Most opt-out requests do not propagate to downstream data licensees.
What Meaningful Reform Would Actually Require
Data broker regulation is not technically difficult. It requires a legal framework that classifies aggregated personal profiles as personal data with attendant rights, mandates opt-out or opt-in mechanisms that are standardised and universally accessible, and creates enforcement mechanisms with actual teeth.
The lobbying opposition is substantial, the industry argues it provides valuable services for background checks, fraud detection, and people-search, and the legislative record in the US has so far produced targeted state laws rather than a federal standard. Until that changes, the responsibility for removal falls on individuals, one opt-out form at a time.
For anyone with a specific reason to limit their digital footprint, survivors of domestic violence, people in contentious custody situations, journalists, public-facing individuals who receive targeted harassment , the current legal framework puts the burden in exactly the wrong place.
Sources
- FTC: Tech Policy and Privacy Research, Data Brokers , foundational regulatory analysis of the data broker industry
- Auxier, Brooke et al. “Americans and Privacy,” Pew Research Center, November 2019. pewresearch.org , survey data on public attitudes toward data collection and broker practices
- Electronic Frontier Foundation: Privacy , ongoing coverage of privacy regulation and digital rights
