We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

User Profiling and Data Brokers: What Do They Know About Us?

Krista Reyes First published on 18th February 2025 Cybersecurity Researcher

Graphic with the key takeaways from the article, including increased privacy concerns.

The boom of artificial intelligence (AI) in 2024 has revealed countless innovative potentials for businesses, industries, and the digital space. But its rapid rise to prominence has also shone the spotlight on the ethical, privacy, and security concerns that plague the technology. From its impact on job security to deepfakes, many people and groups have learned to be more wary of AI’s far-reaching effects.

Yet, one potentially overlooked issue is how AI is reshaping the data brokerage market. This industry has long been the silent director of information exchange in the digital space, influencing how data is amassed, packaged, and monetized. Data brokers tap multiple sources and methods to collect information on consumers and build dynamic user profiles, which are then sold to third parties.

While data brokerage and profiling have many benefits, especially in the digital economy, the growing market for information is raising increasing concerns about people’s privacy and security.

At vpnMentor, we are dedicated to helping individuals keep in control of their digital presence. As such, we wanted to study the data brokerage industry and explore the motivations behind the practice, its impact on people’s privacy, and the regulations that control the system. We also analyzed industry projections to see how evolving technology is likely to affect user profiling.

What Data Brokers Do and How They Operate

Data brokers collect information from different sources, each contributing a specific type of data that enriches user profiles and makes them more dynamic. They often do this indirectly and without explicit consent, instead maximizing public records, traceable online activity, or other openly accessible channels.

Here are the most common types of data collected by brokers:

Data Type Description Typical Uses in Profiling Approximate Volume/Impact
Personal Identifiers Name, address, phone number, email, government ID, date of birth At least 70% of the world's online population
Demographic Data Age, gender, marital status, household size, income range Targeted marketing and business lead generation Over 500 million consumers worldwide
Financial Data Credit score, income, loan history, bankruptcy records, payment history Credit scoring, loan approvals, fraud detection
Purchase History Details of online and offline purchases, shopping cart contents Marketing and sales conversion
Health Data Fitness activity, medical conditions (often inferred from online behavior) Insurance risk assessment and healthtech marketing Around 25% of the data brokerage industry's revenue
Behavioral Data Browsing history, app usage, ad interactions, click patterns Online ad/content personalization and targeting Over 5,000 TB of data processed daily
Location Data GPS coordinates, device geolocation, frequently visited places Geo-targeted advertising and movement analysis Over 3 billion mobile devices worldwide
Psychographic Data Personality traits, interests, lifestyle choices, opinions, attitudes Targeted marketing and content personalization
Relational data Connections, family relationships, known associates Targeted marketing and content personalization

Data brokers use a variety of channels to extract information, but the most common methods include:

  • Websites and apps: Site cookies, app permissions, and web beacons track user behavior online.
  • Public records: Brokers gather information from property records, voting registrations, court documents, and other public files.
  • Credit reports: Financial data can be sourced from credit reporting entities like Equifax and Experian.
  • Social media activity: Brokers can easily review and record users’ online activity, including posts, shares, likes, follows, and other interactions.
  • Loyalty programs: Retailers often save detailed customer information through rewards programs.
  • Data marketplaces: Brokerage companies may buy more information from other brokers to broaden and refine their datasets.

Once the brokers finish curating dynamic user profiles from their collected information, they sell or license the data packages to businesses, marketers, government agencies, financial institutions, or other interested parties.

A study in February 2023 confirmed that data brokers sell United States citizens’ mental health data to marketers, employers, and insurance agencies.

Below is a graphic of the flow of information from consumers to third-party buyers:

Graphic showing the data flow from consumers to third party buyers, such as advertisers, insurers and government agencies.

The Current State of the Data Brokerage Industry

The global data broker industry was reportedly worth around US$390 billion in 2024. By 2025, it’s projected to earn US$262.28 billion in revenue, and forecasts place its market value as high as US$672 billion by 2032.

In comparison, the global cybersecurity market was valued at under US$200 billion in 2023, while social media was worth around US$251.45 billion in 2024.

The data brokerage industry’s projected average compound annual growth rate (CAGR) for the next 5 years is around 7.5%. However, it’s not unlikely that the figure will swell even further with continued advances in big data and AI, which allow data brokers to process and package large batches of information more easily and with better accuracy.

Moreover, the increasing rate of digital adoption worldwide will make even more data available to brokers, emphasizing the value of consumer data analytics to businesses and other organizations. The growing demand for personalization and data insights for targeted marketing and strategic decision-making is also set to further highlight brokers’ role in the digital economy.

Graph showing past and estimated future market value of the data brokerage industry, from 2023 until 2032.

Impact of User Profiling on Business Performance

The practice of user profiling is at the core of the data brokerage market. Brokers aggregate all the information they collect, process it to become behavior-based, data-driven insights, and then package it for sale. Thanks to the innovations in machine learning (ML) and AI, user profiles are becoming increasingly dynamic and personalized, updating in real-time as more data is gathered.

For businesses, this means they’re able to better understand their target markets’ preferences, pain points, and behaviors. They can create highly targeted ads, reduce investment risks, and optimize production. Adaptive consumer profiles also let companies pinpoint market gaps, capitalize on consumer demands, and identify new revenue streams.

In other words, data brokers help businesses improve conversion rates, increase strategic adaptability, and maximize profitability.

Graphic showing the evolution of user profiles, from initial data collection, all the way to the finalized profile for use by the third parties.

The Most Dominant Data Brokerage Companies

As of writing, Data Brokers Watch tracks at least 1,075 active brokers worldwide. Not all of them share their estimated annual revenue, but of the ones that do, 16 companies top the list, generating over US$500 million a year.

Marketing and advertising is perhaps the biggest sector that benefits from top data brokers, with 9 out of 16 companies working in marketing, general advertising, digital advertising, market research, or a combination of these.

It is followed closely by the insurance and financial service industries, with 7 data brokerage companies catering to these fields. Other popular client sectors include retail and e-commerce, business solutions, and real estate.

Data Brokerage Company Core Services and
Businesses Model
Industries Served Estimated Annual Revenue
6Sense B2B predictive intelligence for marketing and sales pipeline Marketing, Business Analytics $500M-$1B
Acxiom Consumer data and analytics, targeted marketing, customer insights Marketing, Retail, Finance $500M-$1B
Ancestry Genealogy and family history data for personal use Personal Services, Health $500M-$1B
Black Knight Loan lifecycle management for lenders and servicers Finance, Real Estate, Mortgage $500M-$1B
CareerBuilder Job search platform with data-driven recruiting solutions Employment, Human Resources $500M-$1B
CoreLogic Property and financial data analytics, mortgage and real estate insights Real Estate, Insurance, Finance Approx. $1.6B
Data Axle Customer acquisition and retention solutions using data analytics Marketing, E-commerce, Consumer Intelligence $500M-$1B
DemandScience B2B data solutions for revenue intelligence and demand generation Marketing, Advertising, Business Analytics $500M-$1B
Dynata Global data and insights for market research Marketing, Consumer Intelligence $500M-$1B
Equifax Credit reporting, risk analytics, customer identity, and fraud detection Finance, Insurance, Government Approx. $5B+
Experian Credit reporting, data-driven marketing services, identity verification Finance, Insurance, Marketing Approx. $5B+
FinThrive Revenue management solutions for healthcare providers Health, Finance $500M-$1B
FreeWheel TV and video advertising platform Advertising, Media, Television $500M-$1B
Media.net Online ad tech for advertisers and publishers Advertising, E-commerce $500M-$1B
Oracle Data Cloud Aggregated consumer data, targeted advertising, cross-channel marketing Advertising, Retail, E-commerce Approx. $40B (total Oracle revenue)
LexisNexis Risk Solutions Risk assessment, background checks, public records data Law Enforcement, Finance, Insurance Approx. $3B

How Digital Expansion Is Reshaping the Data Broker Market

The increasing rate of digital adoption worldwide, coupled with the rapid pace of innovation in the tech and automation sectors, has only made consumer data an ever more valuable asset. Data brokers are already implementing cross-device tracking to facilitate dynamic profiling. AI advancements, meanwhile, are simplifying information scraping and processing, which enables more aggressive data brokering.

Cross-Device Tracking

Cross-device tracking allows data brokers, businesses, and other organizations to create unified profiles of individuals. They use a combination of deterministic and probabilistic tracking — the former records user logins to match devices accurately, while the latter analyzes IP addresses, browsing patterns, and other activity triggers to deduce device and user links.

The biggest tech firms (like Google, Meta, Apple, and Microsoft) employ deterministic tracking to monitor user activity across the web and their linked devices — it’s right there on the terms and conditions that we all agreed to. Meanwhile, probabilistic tracking generally doesn’t involve user consent, as it focuses on approximations and pattern-building. The data gathered is typically used to deploy targeted ads and increase personalization.

Graph showing newer ways in which data brokers can build a comprehensive trace of consumer behavior.

While cross-device tracking greatly benefits companies’ marketing efforts and potentially offers convenience to users, it poses significant privacy concerns for individuals. The United States Federal Trade Commission (FTC) even released a staff report regarding the practice as early as 2017, although privacy experts remarked that they gave “few practical recommendations” for user protection.

Nonetheless, there’s undoubtedly growing privacy awareness among consumers, and it’s potentially pressuring large tech companies and developers to adopt more privacy-facing measures. In 2020, Google announced its intention to eliminate third-party cookies from its Chrome browser. Third-party cookies are notorious for collecting extensive browsing data to create detailed user profiles.

AI-Driven Personalization

Although Google abandoned its plan to phase out third-party cookies in 2024 — deciding instead to “[let] people make an informed choice that applies across their web browsing” — 55% of business leaders are already expecting to adopt aggressive AI and ML predictive analytics in lieu of third-party cookies, according to data from Twilio Segment’s The State of Personalization 2024.

Companies are investing more and more in AI to gain a competitive advantage in the consumer data landscape. While AI chatbots are considered the leader in personalization in 2024, 45% to 57% of business heads recognize the potential of automated customer journeys, predictive analytics, and customer segmentation over the next 5 years. In other words, AI-driven user profiling is on the rise.

Not only can AI replace the likes of third-party cookies and browser fingerprinters for tracking and data collection, but it can also optimize data brokers’ operations by analyzing and processing big batches of data more efficiently.

Already, 86% of companies are looking to move from reactive to predictive personalization. This means that businesses across all industries are likely to leverage dynamic user profiles to predict preferences and behaviors instead of waiting for direct brand interaction. While it seemingly improves engagements and customer experiences, the privacy implications could be more staggering.

The Ethical and Security Implications of User Profiling

As the data broker market continues to expand, it’s likely to influence regulatory trends and discussions on ethical data practices and consumer protection. For instance, the adoption of AI and ML in information collection and processing poses the question of user consent.

With traditional browser trackers, individuals can typically opt out of tracing (even though the process may not be very intuitive). On the other hand, AI can make profiling completely inescapable by including ML algorithms as non-optional scripts in apps, websites, or other platforms. Such sophisticated tracking technology might eventually be able to store and use even biometric data for profiling.

Top Consumer Concerns Surrounding Profiling

Even though studies show that 54% of business leaders are gearing to ensure “robust privacy controls” involving AI profiling and personalization — and 89% are looking to invest in ethical AI to cater to consumer needs — the public’s trust in the technology is experiencing a rapid decline.

The 2024 Edelman Trust Barometer found that consumers’ trust in companies investing in AI dropped by 8% since 2019, coming down to 53% in 2024. The figures are even lower for developed countries like the United States, which fell 15 points from 50% in 2019. Developing nations are reportedly more accepting of AI than resistant.

Graphic showing survey results showing different sentiments towards data gathering and user profiling, in the US and around the world.

Noteworthy Examples of Profiling Misuse

Consumers’ concerns about organizations’ irresponsible, unethical, and potentially harmful data collection and use are not unfounded. Over the years, multiple online services and tech companies have received criticism for ads and automation that demonstrated bias, discrimination, or unethical profiling. Below are a few high-profile examples:

Facebook: Predatory Profiling of Vulnerable or Minority Groups

As the biggest social networking platform, it’s no surprise that Facebook has encountered and been under fire for multiple alleged data privacy violations and unethical profiling.

  • 2024: The platform was found to be profiling “people at high risk of gambling or alcohol-related harms” in Australia and targeting them with ads for these products. Researchers from the University of Queensland found that over 260 alcohol and gambling companies are working with Facebook to find and target vulnerable individuals.
  • 2022: Facebook was fined by the United States Department of Justice (DOJ) for violating the country’s Fair Housing Act, letting advertisers exclude certain “ethnic affinities” from targeted housing ads. This resulted in potential housing discrimination against African American, Hispanic, and Asian individuals.
  • 2018: One of the biggest data privacy scandals in the 21st century involved Facebook and Cambridge Analytica, where it was found that Facebook allowed the unauthorized collection of 87 million users’ data, which were used for political manipulation.
  • 2017: Documents from Facebook executives came to light, detailing how the app can tell if teenagers were feeling “stressed,” “insecure,” or “defeated.” Facebook was reportedly using internal data and algorithms to identify when a young person is vulnerable to different types of advertisements.
  • 2014: In one of the earliest controversies surrounding social media platforms’ unethical actions, Facebook was condemned for a non-consensual experiment where the app “manipulated” users’ feeds to determine how it would impact their emotions.

Amazon, Clearview AI: Law Enforcement and Surveillance

Predictive policing has long been a contentious subject, with privacy advocates raising concerns about the inherent racism in algorithms used for the initiative. While location-based predictive tools focus more on the probability of crime occurring in specific settings, person-based tools judge people’s likelihood of being involved in crime based on demographic, psychographic, and personal historical data.

In 2023, a study by The Markup and WIRED found that Geolitica — a predictive analytics company previously known as PredPol, whose client list used to include the LAPD — had a prediction success rate of less than 1%.

Privacy groups have also raised alarm bells over surveillance issues. Clearview AI became a hot topic in 2020 when it was revealed that it can match an anonymous image of any person to other photos anywhere on the web. They reportedly scraped images from millions of sites to create a facial recognition app that topped “anything ever constructed by the U.S. government or Silicon Valley giants.”

Amazon’s Ring doorbell camera has also been a point of controversy after the company partnered with law enforcement to create a “new neighborhood watch.” All footage recorded by the device was saved in a central Amazon server, which allowed authorities to access them. In 2020, a software engineer at Amazon said the system is “not compatible with a free society,” and regulations aren’t enough to solve the issue.

Graphic with different examples of user profiling misuse, including Facebook/Meta, Spotify, Target, Google, Amazon, and Linkedin.

Target, Spotify: Consumer Profiling for Targeted Advertising

Target came under fire as early as 2012 when it came to light that the company can use collected consumer data to tell if a customer is pregnant and send them pregnancy-specific promotions. This reignited discussions about data privacy and how corporations can know more about consumers than friends and family.

Spotify hasn’t been spared the condemnation. Since 2015, it has reportedly been investing in its data analytics to figure out the emotional state of its users. The data they collect can be sold to third-party marketers and help them launch highly effective, targeted ad campaigns.

Google, LinkedIn, Amazon: Gender and Income Bias in Display Ads

In 2021, it was found that Google had allowed advertisers to exclude certain genders from Google Ads listings, which reportedly resulted in higher-paying job ads being shown to more men than women. The company had previously been said to allow employment, credit, and housing ads to discriminate against individuals based on income, gender, and marital status.

The integration of AI in data brokerage is likely to increase such instances of discrimination, especially with models being trained by historical data that typically favored certain groups. For example, both Amazon and LinkedIn had previously used recruiting and job-matching AI algorithms that turned to favor men over women candidates.

Data Breach: Compromising the Information of Millions

Aside from the above examples of profiling misuse, there has also been a significant number of data breaches that targeted broker companies. The sensitive nature of the data they store makes them an attractive mark for threat actors who wish to use people’s data for fraud, identity theft, or other forms of misuse.

In January 2025, Gravy Analytics became the victim of a massive breach that exposed the location data of millions of users. The incident caused significant worry among experts and advocates, especially as it was revealed that the company worked with an LGBTQ dating app, and the breach could compromise the safety of individuals in countries where same-sex relationships are illegal.

Regulatory Landscape for the Protection of User Privacy

Several regions have implemented regulations to safeguard individuals from invasive data brokerage and profiling practices. The policies typically enforce explicit consent requirements for data processing and protect consumers’ rights to access, correct, or delete their data. Here are some of the regulations currently in effect:

  • General Data Protection Regulation (GDPR) in the European Union
  • California Consumer Privacy Act (CCPA) in California, United States
  • General Data Protection Law (LGPD) in Brazil
  • Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada
Consumer
Rights
GDPR CCPA
Access to Data Allows full access to all personal information held by a company Allows requests to access categories or specific pieces of personal data
Right to Delete Provides users broad right to request deletion of personal data Provides right to delete data with exceptions (e.g., needed for business)
Right to Correct Allows correction or rectification of personal data Lacks explicit right to correct (with proposals to allow the measure)
Right to Opt-Out of Sale Allows objection to data sales or processing Provides explicit rights to opt out of data sales
Right to Data Portability Allows transfer of data between services and devices Provides limited data export options
Fines for Non-Compliance Up to €20 million or 4% of the violating party's annual global revenue Up to $7,500 per intentional violation in California
Enforcement Statistics
GDPR CCPA
Company Compliance Impact • Around 92% of European companies reported compliance post-enforcement
• Up to 85% of companies feel the financial and operational impacts of the regulation (e.g., conducting audits, investing on data protection systems)
• Impacts around 75% of United States companies with over $25 million in annual revenue
• Annual costs for larger companies range from US$100,000 to over US$1 million
Consumer Rights Exercised • Around 32% of European consumers have exercised their rights to access, delete, or correct data
• Around 25% of requests involve data deletion
• Over 40% of Californian consumers have reported either exercising or considering exercising their rights
• Most requests involve accessing data and opting out of data sales
Consumer Awareness • Over 70% of European citizens report awareness of their GDPR rights • Around 52% of California residents report awareness of their CCPA rights

Despite the existence of the regulations above, cybersecurity and privacy experts assert that laws need to be stricter to ensure the safety of consumers and citizens.

For example, smaller or lesser-known data brokers are reportedly finding it easy to sidestep policies and evade detection since most advocates and regulatory bodies focus on the practices of larger firms. In fact, NATO’s Data Brokers and Security Report states that the white market for data has a revenue size of US$200 billion, while the black market is valued at US$1.5 trillion.

Conclusion

Overall, the continuing growth of the data brokerage industry, as well as the promise of further innovations, leaves no doubt that data has become a leading form of currency in recent years. So, now more than ever, it’s vital for consumers to understand the value of their information and take steps to safeguard it from unethical or unlawful use.

However, while individual consumers can take some action to better secure their data, the larger burden falls on businesses, developers, and regulatory bodies. An average user’s basic device configurations are unlikely to completely thwart intrusive and potentially unethical trackers and data harvesters.

As advocates of digital privacy, we see the need for more comprehensive laws that would prevent brokerage companies from​​ surreptitiously ​​and unethically collecting and using personal data.

Moreover, we believe that businesses have the primary responsibility of protecting their consumers’ privacy, so they must be held to higher standards when it comes to the responsible disclosure of data use practices and proactive information dissemination regarding potential privacy and security threats.

For clarifications, inquiries, or further analyses about this research, please don’t hesitate to contact us.
We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

About the Author

Krista is a vpnMentor writer with a diverse background in content writing and editing. Her main interests include digital privacy and sociopolitical awareness, which are materialized through her research and written works.

Did you like this article? Rate it!
I hated it! I don't really like it It was ok Pretty good! Loved it!
out of 10 - Voted by users
Thank you for your feedback

Please, comment on how to improve this article. Your feedback matters!

Leave a comment

Sorry, links are not allowed in this field!

Name should contain at least 3 letters

The field content should not exceed 80 letters

Sorry, links are not allowed in this field!

Please enter a valid email address