Contact Us
Download MySudo

Knowledge Center > Data Brokers > Data Brokers and Privacy Laws

Data brokers and privacy laws

Data brokers and privacy laws: what they mean for you

Data brokers quietly collect, combine, and sell massive amounts of personal information — often without your direct consent.

This article looks at how new privacy laws are starting controlling these practices. It explains your rights as a consumer. You will learn how to use these rights to protect your data and your peace of mind.

The legal spotlight finally turns toward data brokers

For years, data brokers operated in the shadows of the digital economy. As stories of data breaches, identity theft, and predatory targeting became more common, public concern grew. In response, lawmakers around the world started acting.

Today, data brokers increasingly fall under comprehensive privacy laws. These laws define what counts as personal data and how companies can use it. They also focus on who controls that data.

Each law has its own details. Still, they share a core principle: personal data belongs to the individual, not the companies that collect it.

Here are some court cases in recent years that were decided in favor of consumers:

LiveRamp Holdings, Inc. — Class Action Moves Ahead (2025)

  • In a case called Riganian v. LiveRamp Holdings, Inc., a federal court reviewed claims against a data broker. The court refused to dismiss allegations that the company collected and sold consumer data without consent. The claims also raised possible violations of California wiretapping and privacy laws. Taulersmith
  • This demonstrates that courts may allow data‐broker liability claims to proceed under consumer‐privacy statutes.

The Data Group, LLC & Infillion, Inc. – California Data Broker Registry Enforcement (2024)

  • The California Privacy Protection Agency (CPPA) acted against these brokers. They failed to register under California’s Data Broker Registry, which the law requires. For example, Infillion paid ~$54,200 in a settlement for late registration. CPPA
  • This example shows how regulations are changing. They now focus more on data-broker registration and oversight, not just on harm to consumers.

Kochava, Inc. – FTC Lawsuit Over Location Data (2022)

  • The FTC sued Kochava for allegedly selling precise location data from hundreds of millions of mobile devices. This data included visits to sensitive places like health clinics and shelters.TechCrunch
  • The case highlights how data brokers’ geolocation offerings can raise serious consumer‐privacy concerns and regulatory scrutiny.

Clearview AI – Vermont Lawsuit Under Data Broker Law (2020)

  • The Vermont Attorney General sued Clearview AI under the state’s data broker and consumer-protection laws. The suit claims the company scraped billions of photos and sold facial-recognition services without proper consent. Hunton
  • This is not a typical “data broker” case in marketing. Still, it shows how combining public registry data with biometric tools can lead to regulatory action.

The key privacy laws that affect data brokers

Let’s break down the major privacy frameworks that shape how data brokers must now operate — and how they empower you.

GDPR (General Data Protection Regulation – European Union)

  • Organizations must obtain explicit, informed consent before they collect, process, or share personal data.
  • Grants the right to access, correct, and delete your personal data (including data held by brokers).
  • Imposes heavy penalties for violations up to 4% of global annual revenue.
  • Applies to any company handling EU residents’ data, even if located outside the EU.

In practice: If a data broker tracks someone in the EU, they must have a legal reason to collect the data. They must also allow the person to access it or request deletion.

CCPA & CPRA (California Consumer Privacy Act & California Privacy Rights Act)

  • Give Californians the right to know, delete, and opt out of the sale or sharing of their personal data.
  • Broaden the definition of a “sale” to include sharing data for advertising or profiling. This directly challenges the core business model of data brokers.
  • Require a visible “Do Not Sell or Share My Personal Information” link on company websites.
  • Create enforcement mechanisms through the California Privacy Protection Agency.


In practice: Californians can now tell data brokers, “You may not sell or share my information,” and the broker must comply.

Other U.S. State Laws (Virginia, Colorado, Connecticut, Utah, and more)

Several states have passed or are finalizing GDPR-style legislation. Common provisions include:

  • The right to access, correct, or delete data.
  • The ability to opt out of targeted advertising and profiling.
  • Requirements for transparent data collection notices.

These state-level laws are building a patchwork of protection that’s slowly expanding nationwide.

What these laws actually mean for you

Laws are only as powerful as your ability to use them. Here’s what they translate to in practical terms for consumers:

Your Right
What It Means
Why It Matters
Right to Know

You can request that companies disclose what data they hold about you and who they’ve shared it with.

Transparency is the first step toward control.

Right to Delete

You can demand that your data be erased from a company’s or broker’s database.

Reduces exposure to spam, scams, and resale.

Right to Opt Out

You can forbid companies from selling or sharing your personal data.

Stops your information from circulating among brokers.

Right to Correct

You can fix inaccurate or outdated information.

Prevents decisions based on wrong data (e.g. credit or insurance)

Right to Non-Discrimination

Companies can’t deny you services for exercising your privacy rights.

Ensures fairness and protects against retaliation.

At Anonyome Labs™, we believe privacy isn’t a luxury — it’s a right worth preserving. With tools like MySudo®, we help people protect their identities and keep their privacy safe in a connected world.

Topic

Data Brokers

Sub Topics

Data Brokers and Scammers

Data Brokers and Privacy Laws

Talk to sales

From our blog:

How Data Brokers Find and Sell Your Personal Information

How to stop your personal data from being used to train AI

How MySudo Keeps You Safe on Social Media Even in a Data Breach

 

Actionable checklist
(one minute)

  • Register on your country’s Do Not Call list.
  • Run an opt-out sweep against the top 10 data brokers.
  • Turn on carrier spam protection and install a reputable call-blocking app.
  • Use alias numbers/emails for online signups and marketplaces.
  • Educate family and employees about vishing tactics and verification practices.
  • Download and start using MySudo®