This whole industry just needs to die. There shouldn't be an industry whose purpose is trading information about people. Sales leads for individuals isn't a commodity.
How to take power away from brokers: make third-parties more interested in data users make available themselves rather than those strung together from secondary sources, especially if it's of higher quality.
I know tying a UID to yourself and keeping your data in a central repository isn't the most welcome solution, but at the moment your identifiable attributes are fragmented across a vast ecosystem and not at all in your control. A data compensation mechanism seems a natural extension to the 'data donation' schemes that are currently gaining traction in academic circles -- some users are more inclined to share fitness data while others have less issue with sharing their social media history for analytical purposes.
No doubt this would still result in a less private public overall, but the end-user can at least take back (some) agency in how data is put to use while making some passive income on the side.
A more effective approach: government. California's SB 362 creates a single opt out starting 1 Jan 2026, audit obligations (mandatory 3rd party every 3 years w/ submission of failures to the CPPA, California's privacy enforcement agency), etc. Plus the potential of a $200 per day per request fine for failing to act on opt outs.
That’s what Global Privacy Control (GPC)[0] is trying to do. So far it’s been referenced in California, Colorado and Connecticut state privacy regulations as an "opt-out preference signal” or "user-enabled universal opt-out method”[1]. Sephora paid a $1.2-million settlement in 2022 for not respecting the signal[2].
While the map demonstrates a clear skew towards US (and to some degree, EU) data brokerages (likely because these are difficult to map in non-US/EU contexts, or more dire, the existing lack of oversight), regulatory differences between regions will simply push their operations elsewhere, if not already.
That said, the compensation scheme as proposed would likely need government mandate, and I am all for a solution that lies halfway between the public, markets and government.
>simply push their operations elsewhere, if not already.
This is true of any regulation, and its sort of a tired trope.
We don't make CP legal simply because its currently being pushed to regions with less regulation. Adding a higher barrier to entry and more difficult operations does reduce the amount out there, and while there would absolutely still be data brokers moving to deregulated regions, this imposes a significant cost and obstacle so that there would a much smaller market of availability and also a clear signal for companies wanting to do business with these brokers that they risk their own legitimate business by engaging with them.
No. A single opt-out run by the state, similar to the do not call list, but (at least claimed) with real enforcement by an agency dedicated to the enforcement of privacy laws constructed and funded via proposition.
1. An advertizer would want the info on users who spend lots money on the internet, but you have to be pretty poor to consider selling all your data for a few bucks per month.
2. Money will attract fraudsters. Think VM farm simulating traffic, or students leaving "human simulator" apps running while they go to class.
No. The answer isn't just individual action. Despite what the lolbertarians say, technology can and should be regulated. This is definitely one of those spaces that need more regulations like GDPR and CCPA.
We've run this libertarian nonsense to its logical conclusion, and your solution is to get browbeaten and blackmailed into aggregating your PII into one database without any rules and with the hope that you'll have "agency"? I'm sure such a company would be very responsive to your unregulated requests for PII deletion.
Let's not be naive here, this is exactly the kind of space where you need government regulation to start making it harder to do these kinds of activity.
As stated elsewhere [1], I do think that governments have a (large) role to play. But we also shouldn't be naive and look at current (EU/US) regulations and pray the fines will deter data brokering from continuing unheeded.
As with any 'tech genie', once out its bottle existing political instruments may need adjusting to this new reality. We have been living in the big data era for over 15 years now, and I have yet to reap any of the profits surely made by the many stakeholders benefitting from my online presence.
We have tax breaks and incentives; why no equivalent for our digital contributions, which governments and financial institutions equally make use of and benefit from?
Nice to see Data Brokers Watch at the top of HN, I'm one of the creators.
We are a nonprofit, and we are looking for volunteers to help us automate the opt out process, but in a different, more effective way than the companies doing it today. If you have expertise in ML (classification), react, UX/UI or aws and would like to help us make a dent in the data brokers and more generally online privacy spaces please get in touch at info@consciousdigital.org.
There's only value in them if whatever regulation thats governing them (GDPR, CCPA) is seen by the organization as enough of a punishment for non-compliance that they choose to respect opt-out rather than not. So, opting out of a sketchy company in Thailand? Probably does nothing. Opting out of a large, multi-million dollar broker in California? Probably worth it.
Well the map seems to suggest we're mostly dealing with US centric companies in this
Annoyingly the removal company with most coverage seems to require minimum 1 year subscription. So hit & run for a single month isn't possible with them
