Data Brokers Control 70% Of Online Users' Personal Information

Uploaded on 2025-08-07 in NEWS-Cybersecurity News, FREE TO VIEW

A recent investigation by VPNmentor has revealed alarming insights into the global reach of data brokers.

The report finds that at least 70 per cent of the world’s online population now has their Personally Identifiable Information (PII) collected by these firms - often without explicit consent or awareness.

The findings highlight the power and pervasiveness of data broker activities, often hidden from public view yet deeply embedded in modern digital infrastructure.

In summary:-

70 per cent of online users globally have their PII collected by data brokers.
Over 5,000 terabytes of behavioural data are processed daily.
AI‑driven profiling is becoming built‑in and unavoidable.
Smaller data brokers evade scrutiny as attention focuses on larger entities.

Estimates suggest there are around 5,000 data broker companies operating worldwide, with revenues projected to exceed US $270 billion as the industry continues to expand. These firms gather data from public records, websites, apps, credit agencies, social media, and more, aggregating massive profiles on individuals.

Processing Petabytes of Personal Behavioural Data

The VPNmentor report states that over 5,000 terabytes of behavioural data are processed daily. This includes digital interactions across websites and apps, public services, and social platforms. Such volume emphasises not only the scale of data broker operations but also their increasing ability to track and profile individuals over time.

AI Makes Profiling Ubiquitous & Inescapable

A key concern highlighted is the role of artificial intelligence (AI) in expanding surveillance. The report warns organisations increasingly include Machine Learning scripts in apps or platforms as non-optional components - meaning every user is automatically profiled, whether they consent or not.

AI thus turns passive data collection into inescapable profiling, fundamentally eroding anonymity.

Small Brokers Slip Below The Regulatory Radar

While large brokers occasionally face scrutiny, the analysis notes that smaller or lesser-known data brokers often evade detection and policy enforcement. Regulators and advocacy groups tend to concentrate on prominent firms, leaving numerous niche operators free to continue to harvest and trade personal data with little oversight.

Data Broker Industry: Scale, Impact & Risks

Independent sources confirm that data brokers routinely aggregate identity and behavioural data across multiple domains. These include demographic and contact details, behavioural history, location data, purchasing habits, credit scores, and even sensitive attributes such as political beliefs or health-related indicators .

Acxiom, for example, claims to hold profiles on 2.5 billion individuals, entailing thousands of data points per person . The US data broker market alone is estimated at between $30 billion and $180 billion, with the global market valued at between $240 billion and $270 billion.

Surveillance & Profiling

Users leave digital footprintss - such as search queries, website visits, app usage, and social media activity - that are harvested to build detailed profiles. Even basic browsing involves re-identifiable behaviour patterns: studies show that just four domains visited by an individual are enough to uniquely identify up to 95 per cent of users.

Consumer & Societal Harm

Inaccurate or outdated profiles can misclassify individuals, leading to unfair denial of services, higher insurance premiums, or financial discrimination. Transparent control over personal data is often lacking, especially in jurisdictions without robust privacy laws.

Algorithmic Decision-Making

Data brokers feed databases used in algorithmic underwriting, tenant vetting, credit scoring, and profiling - systems that increasingly determine life‑changing decisions. Limited recourse is available when errors are embedded in opaque AI-driven decisions.

Current Regulatory Landscape

Privacy laws vary widely arounf the worls. GDPR laws in the EU offer stringent controls over data collection, usage, and breach notification. In contrast, the United States lacks comprehensive federal regulation, leaving enforcement to patchy state laws such as California’s data broker registry and opt‑out provisions.

Some US states require brokers to register and allow consumer opt‑out, but the industry largely remains opaque. Elevated markets such as California, Oregon, Texas and Vermont have introduced laws targeting brokers, though smaller operators often slip through gaps in enforcement ([Onerep][2]).

What Can Be Done?

1.Stronger Regulation and Transparency: Broader legal frameworks are needed to mandate data broker accountability, user consent, profiling transparency, and data accuracy controls.

2. Public Awareness and Advocacy: Most individuals remain unaware that their digital footprints feed commercial profiles. Empowering users through education and accessible opt‑out mechanisms is crucial.

3. Technology and Privacy Tools: Privacy tools such as tracker blockers, VPNs, and browsers enforcing opt‑in consent models can reduce visibility to brokers. Automated PII‑removal platforms also offer partial mitigation ([Onerep][2]).

4. Audit and Oversight of Smaller Brokers: Regulators should expand oversight beyond headline brokers to include smaller entities that aggregate and trade user data without transparency.

A Hidden Engine of Surveillance

The VPNmentor research shines a spotlight on the vast and often unseen dimension of data collection by brokers. With AI enabling automated profiling, daily processing of exobytes of human data, and a fragmented regulatory environment, the situation is profoundly concerning.

Understanding that 70 per cent of global online users are represented in data broker databases and that 5,000 TB of behavioural data is processed every day provides powerful context for rising privacy risks. As profiling via AI becomes ubiquitous and smaller brokers slip through regulatory cracks, urgent reforms and user protections are needed.

Without significant changes in policy, oversight, and public awareness, data broker activities will remain one of the most significant and opaque threats to individual privacy in the digital age.

Image: Rodion Kutsaiev

You Might Also Read:

Why Smarter Data Protection Is Now A Business Essential:

If you like this website and use the comprehensive 8,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.