What is a data broker — and why do they have your personal information?

You probably haven't heard of most of them. But Acxiom, Tracesmart, 192.com, and around 20 other companies operating in the UK right now hold detailed records about you — your name, your address, your date of birth, your phone number, your financial profile, and in some cases your household composition and purchasing habits.

They didn't ask your permission. And they're selling that data to anyone willing to pay.

What exactly is a data broker?

A data broker is a company whose primary business is collecting personal information about individuals and selling it to third parties. Their customers include banks, insurers, marketers, landlords, employers, and private investigators.

Unlike social media companies — which collect data as a side effect of a service you've chosen to use — data brokers exist purely to aggregate and monetise personal information. You are not their customer. You are their product.

Where do they get your data?

The main sources in the UK are:

• The Electoral Register — councils are required to publish an "edited" version of the register which anyone can purchase. Unless you opted out when you registered, your name and address are on it.
• Companies House — if you're a company director, your residential address may be publicly visible on the register.
• Credit reference agency marketing databases — Experian, Equifax, and TransUnion all operate marketing data arms separate from their credit reference functions.
• Public records and court data — county court judgements, insolvency registers, and other public filings.
• Data purchased from other brokers — data brokers buy from each other, creating cascading datasets that are very difficult to trace back to source.

What are your rights under UK GDPR?

UK law gives you two powerful rights against data brokers specifically:

• Article 17 — the right to erasure. You can require a data broker to delete your personal data. They must comply unless they have a specific legal exemption (which most don't).
• Article 21 — the right to object to direct marketing. This is an absolute right. A data broker cannot refuse an Article 21 objection on the grounds of legitimate interests. They must comply without undue delay.

The problem is exercising these rights. Each broker has a different opt-out process. Some require written letters. Some respond in days; others ignore requests entirely. And even after removal, brokers routinely re-populate their databases from public sources — meaning you may need to opt out again.

What DataDelete does

DataDelete automates the entire process. We identify every data broker holding records about you, send legally binding erasure and opt-out requests on your behalf, track the 30-day GDPR response deadline, and escalate non-compliant brokers to the Information Commissioner's Office.

We re-check your removal status every 60 days. If your data re-appears, we send another request automatically.

The right to object to direct marketing is absolute. There is no balancing test, and data brokers are required to comply without undue delay. — UK GDPR Article 21(3)