What internet data brokers have on you — and how you can start to get it back
D3sign | Moment | Getty Images
Data brokers have long operated in the shadows of the internet, quietly amassing unprecedented amounts of personal information on billions of people across the globe, but few realize just how deep this data collection really goes.
In an age where every move you make online — every click, every purchase, every “like” — is meticulously harvested, packaged, and sold for profit, aggregated personal data has become a valuable commodity, and the global data broker industry is proof of that.
The rise of artificial intelligence tools poses the risk of even more personal information being scraped from the internet and an already opaque world of data brokering becoming even more aggressive, and that is heightening data privacy concerns. A 2023 study from Pew Research found that the American public increasingly says it does not understand what companies do with their data. According to Pew, 67% of Americans say they “understand little to nothing about what companies are doing with their personal data, up from 59% in its previous survey on the subject in 2019. A majority of Americans (73%) think they have “little to no control” over what companies do with their data.
Many people are unaware that something as simple as their phone number can be used by data brokers and bad actors to uncover highly sensitive information, including a Social Security number, address, email, and even family details, said Arjun Bhatnagar, co-founder and CEO of Cloaked, an app that disguises your personal information by generating a unique “identity” for each online account you have.
According to Roger Grimes, an expert at cybersecurity education firm KnowBe4, while many data brokers —especially the more well-known players — sell information responsibly, some of the smaller, unknown brokerages skirt regulations, push ethical boundaries, and exploit data in ways that can lead to misuse or harm. This is partly due to the hazy regulation landscape around data brokerage, which makes it easier for these practices to go unchecked.
Some of the largest providers of data brokerage services include Experian, Equifax, TransUnion, LexisNexis, Epsilon (formerly Acxiom), and CoreLogic, according to a ranking from OneRep, an online personal data management service. People-search services Spokeo and Intelius are also among the top data brokers, according to OneRep. These companies operate across multiple industries, handling both publicly available information and more sensitive consumer data. They offer various services, ranging from marketing analytics to credit scoring and background checks, and all of them have processes for requesting your data or asking for it to be deleted. However, depending on the state you live in, they may not have to comply.
Experian, Equifax and TransUnion are a good place to begin to understand how much the data industry has grown. While many consumers know these companies for their credit services, those are now just one piece of the revenue pie, with broader digital marketing of data increasingly important, according to Jeff Chester, founder and executive director of the Center for Digital Democracy, a Washington, D.C.,-based consumer privacy advocate. And data collection spans much farther across the economy, with companies from grocery stores offering discount programs to streaming video services amassing data that others will pay for. “Today, everyone is a data broker. Having the ability to reach someone online and target has become a core part of business,” Chester said.
“I try to lock down everything as much as I can, but I’m also aware that even though I’m a security expert, I’m probably overexposed,” said Bruno Kurtic, president and CEO of data security firm Bedrock Security.
As a basic step to limit financial risks, he recommends that all individuals freeze their credit reports as a proactive measure against identity theft and to prevent malicious actors from opening new accounts or loans in their name.
Inside data brokers’ massive vault
Cybersecurity experts estimate that data brokers collect an average of 1,000 data points on each individual with an online presence.
“It behooves them to collect as much as humanly possible about you, because the larger the information pool about you and the more specific they can get, the higher the cost of that data,” said Chris Henderson, senior director of threat operations at Huntress, a cybersecurity company founded by former National Security Agency personnel.
Here’s a breakdown of the types of information data brokers typically collect, according to privacy experts interviewed by CNBC:
- Basic identifiers. Full name, address, phone number, and email.
- Financial data. Credit scores and payment history.
- Purchase history. What you search for online, what you buy, where you buy it, and how often you buy certain products.
- Health data. Your medications, medical conditions, and your interactions with health-related apps or websites.
- Behavioral data. Insights into your likes, dislikes, and the types of ads you’re likely to click on.
- Real-time location data. GPS data from apps that track your commute, where you shop, and how often you visit certain places.
- Inferred characteristics. Based on you’re your browsing and media consumption — the websites you visit, articles you read, videos you watch, data brokers draw insights about your lifestyle, income, preferences, religious or political beliefs, hobbies, and even your likelihood of charitable giving.
- Relationships with family, friends, and colleagues. By analyzing your network of friends, followers, and connections on social media and messaging apps, data brokers can map out your relationships and even track how frequently you interact with certain individuals to determine the depth of your bonds.
Little oversight around data privacy
The lack of comprehensive regulation around data privacy allows data brokers to operate with little oversight, unlike the General Data Protection Regulation (GDPR) in the European Union.
“There is no comprehensive federal privacy law that specifically regulates the industry, which makes it hard to combat them,” said Chelsea Magnant, adjunct instructor of cyber leadership at NYU’s Center for Global Affairs and a director at corporate consulting firm Brunswick. “We essentially have a patchwork of state laws with varying privacy protections that these companies know how to navigate.”
California was the first to enact comprehensive legislation in 2018 with the California Consumer Privacy Act, giving residents more control over their personal data. In 2020, California voters approved an expansion of the CCPA, called the California Privacy Rights Act, which took effect in 2023. It offers the most extensive protections in the U.S., including data correction, limiting the use of sensitive information, and requiring businesses to honor opt-out preference signals. It also imposes stricter data-protection obligations on companies, such as minimizing data collection.
Since then, about 20 other U.S. states have followed suit; however, the specific rights and thresholds for which companies must comply vary widely between states.
“Different states have different business environments, economies, and viewpoints. This lack of a unified approach, something that protects all citizens across the country, leaves us vulnerable to data brokers,” said Rob Hughes, chief information security officer at RSA.
Even in states where the privacy laws are strict, there is skepticism that smaller companies on the margins of the data brokerage industry will follow them. “They have extremely sensitive data sets under their management, and they have to essentially behave like the most sensitive enterprises. And we know that some of these data brokers just don’t operate businesses like that,” Kurtic said.
How to take control of your data
To start protecting your privacy, it’s important to rethink how much personal information is shared on a daily basis, says Cloaked’s Bhatnagar. While we can’t fully hide, consumers need to develop new habits and tools to limit what we expose, from turning off permissions that track your location to saying no to cookies and refraining from posting personal details online. Additionally, using tools like secure browsers, VPNs, and tracker blockers can help.
Some of the largest technology companies in our daily lives, such as Apple, are continually updating and adding to privacy options, such as on the new iPhone and latest iOS update.
An Equifax spokeswoman said U.S. consumers can opt out of their personal information being shared in accordance with U.S. state privacy laws. On average, she said, opt-out requests made through the Equifax Privacy Preference Center are processed in less than one business day and consumers are informed of a successful submission through the company’s Preference Center. Consumers can also review the types of third-parties that companies such as Equifax share personal data within its privacy section.
Opt-out links and instructions are readily available for most of the major data brokers:
But data privacy experts says reclaiming or deleting your data from brokers can be a deliberately complex process that is not only time-consuming but frustrating. Each broker has its own opt-out requirements, and even after you’ve removed your data, it often reappears, sourced from other places.
“Removing your data from their systems impacts their bottom line, so they are disincentivized to make this easy for you,” said Henderson. “Ultimately, if you remove the information, they can’t sell that. So the more people who request their information be removed, the less attractive of a broker they are to the advertisers.”
There are data-removal services, such as DeleteMe, Kanary, OneRep, and PrivacyDuck, which charge a fee to manage these ongoing tasks, and are becoming increasingly popular. In October, Consumer Reports launched Permission Slip, a free app that helps you control which companies can collect, store and sell your personal data. It relies on donations to keep it going, either through the app or the Consumer Reports website.
For those opting for the DIY approach, here’s what the data privacy experts interviewed by CNBC recommend to get started:
Identify the brokers collecting your data. As already stated, this can be a daunting task, as many operate behind the scenes. However, there are a few methods you can use to track them down, says Henderson. One is to conduct a Google search using your name, phone number, and email address and see which brokers pop up. You’ll most likely find your name on sites like Spokeo, Whitepages, or MyLife. Another strategy is to visit the websites of the largest data brokers and search your information.
Submit opt-out requests. If you live in a state with data privacy regulations, you can submit a request to delete your data on the opt-out page of these companies’ websites, including at the links listed above, so they cannot share your data with third-party companies. It’s important to note that each broker may have different processes for handling these requests and state laws vary when it comes to what types of data are covered. Some data brokers may also require you to provide identification or verify your identity.
Check your results. After submitting opt-out requests, revisit the data brokers’ sites periodically to ensure your data has been removed. It may take several weeks or months for your request to be processed.
Engage in digital hygiene practices. Regularly reviewing and updating your online security practices is essential. Secure passwords, two-factor authentication, and encryption tools can help protect your information. Using virtual identities, such as alternative email addresses and phone numbers, can further safeguard your personal information.
Seek legal recourse if necessary. If a data broker refuses to comply with a deletion request, you may be able to file a formal complaint with regulatory authorities such as the Federal Trade Commission, which has brought cases against the industry.
However, it’s important to understand that not every state provides the same level of protection. Consult a privacy attorney if you believe your rights have been violated.
‘The future is unfortunately dark’
Experts say deleting the data is an imperfect solution, “a Band-Aid to address a gaping wound,” according to Chester.
“Consumers have been placed in a bad position,” he said. “Data is now a form of payment,” he added, referring to cases where the consumer wants a discount in the grocery store or pharmacy. “This is a comprehensive privacy problem which requires Congress or the FTC. The idea an individual can take care of their privacy … you can shut down a tiny bit of it, but you would need to spend a great deal of time, and once you opt-in to get a discount at a store, it all starts over again.”
The future of the data broker industry looks both promising and troubling as technological advancements continue. Javad Abed, assistant professor of information systems at Johns Hopkins Carey Business School, warns that data brokers will continue to evolve as AI and machine learning advance.
“With AI, data brokers will create even more detailed and predictive profiles, incorporating everything from biometric data to behavioral tracking,” Abed said. “The problem will increase, and things are going to become more complicated.”
Abed sees potential in blockchain and privacy-enhancing technologies, which could disrupt the data brokerage model by increasing transparency and giving individuals more control over their digital identities. However, he remains skeptical: “The future is unfortunately dark. It needs to be collaborative work. I don’t see the motivation right now from the main actors for a collaborative change.”
“Telling our grandmothers or a child to configure settings on their social media and their browsers and search engines is not a winning proposition,” Kurtic said. “It’s going to take a combination of regulation, technology on the vendor side, and know-how on our own personal side.”
Until regulation steps in, data brokers will continue to collect as much data as possible. “These are revenue streams for companies that might not have other recurring revenue streams,” Henderson said. “And given there’s no regulation stopping businesses from selling information about you, I don’t see the practice stopping, especially given how lucrative it is.”
Alex Karp, CEO of Palantir Technologies speaks during the Digital X event on September 07, 2021 in Cologne, Germany.
Andreas Rentz | Getty Images
Palantir shares continued their torrid run on Friday, soaring as much as 9% to a record, after the developer of software for the military announced plans to transfer its listing to the Nasdaq from the New York Stock Exchange.
The stock jumped past $64.50 in afternoon trading, lifting the company’s market cap to $147 billion. The shares are now up more than 50% since Palantir’s better-than-expected earnings report last week and have almost quadrupled in value this year.
Palantir said late Thursday that it expects to begin trading on the Nasdaq on Nov. 26, under its existing ticker symbol “PLTR.” While changing listing sites does nothing to alter a company’s fundamentals, board member Alexander Moore, a partner at venture firm 8VC, suggested in a post on X that the move could be a win for retail investors because “it will force” billions of dollars in purchases by exchange-traded funds.
“Everything we do is to reward and support our retail diamondhands following,” Moore wrote, referring to a term popularized in the crypto community for long-term believers.
Moore appears to have subsequently deleted his X account. His firm, 8VC, didn’t immediately respond to a request for comment.
Last Monday after market close, Palantir reported third-quarter earnings and revenue that topped estimates and issued a fourth-quarter forecast that was also ahead of Wall Street’s expectations. CEO Alex Karp wrote in the earnings release that the company “absolutely eviscerated this quarter,” driven by demand for artificial intelligence technologies.
U.S. government revenue increased 40% from a year earlier to $320 million, while U.S. commercial revenue rose 54% to $179 million. On the earnings call, the company highlighted a five-year contract to expand its Maven technology across the U.S. military. Palantir established Maven in 2017 to provide AI tools to the Department of Defense.
The post-earnings rally coincides with the period following last week’s presidential election. Palantir is seen as a potential beneficiary given the company’s ties to the Trump camp. Co-founder and Chairman Peter Thiel was a major booster of Donald Trump’s first victorious campaign, though he had a public falling out with Trump in the ensuing years.
When asked in June about his position on the 2024 election, Thiel said, “If you hold a gun to my head I’ll vote for Trump.”
Thiel’s Palantir holdings have increased in value by about $3.2 billion since the earnings report and $2 billion since the election.
In September, S&P Global announced Palantir would join the S&P 500 stock index.
Analysts at Argus Research say the rally has pushed the stock too high given the current financials and growth projections. The analysts still have a long-term buy rating on the stock and said in a report last week that the company had a “stellar” quarter, but they downgraded their 12-month recommendation to a hold.
The stock “may be getting ahead of what the company fundamentals can support,” the analysts wrote.
Charles Liang, chief executive officer of Super Micro Computer Inc., during the Computex conference in Taipei, Taiwan, on Wednesday, June 5, 2024. The trade show runs through June 7.
Annabelle Chih | Bloomberg | Getty Images
Super Micro Computer could be headed down a path to getting kicked off the Nasdaq as soon as Monday.
That’s the potential fate for the server company if it fails to file a viable plan for becoming compliant with Nasdaq regulations. Super Micro is late in filing its 2024 year-end report with the SEC, and has yet to replace its accounting firm. Many investors were expecting clarity from Super Micro when the company reported preliminary quarterly results last week. But they didn’t get it.
The primary component of that plan is how and when Super Micro will file its 2024 year-end report with the Securities and Exchange Commission, and why it was late. That report is something many expected would be filed alongside the company’s June fourth-quarter earnings but was not.
The Nasdaq delisting process represents a crossroads for Super Micro, which has been one of the primary beneficiaries of the artificial intelligence boom due to its longstanding relationship with Nvidia and surging demand for the chipmaker’s graphics processing units.
The one-time AI darling is reeling after a stretch of bad news. After Super Micro failed to file its annual report over the summer, activist short seller Hindenburg Research targeted the company in August, alleging accounting fraud and export control issues. The company’s auditor, Ernst & Young, stepped down in October, and Super Micro said last week that it was still trying to find a new one.
The stock is getting hammered. After the shares soared more than 14-fold from the end of 2022 to their peak in March of this year, they’ve since plummeted by 85%. Super Micro’s stock is now equal to where it was trading in May 2022, after falling another 11% on Thursday.
Getting delisted from the Nasdaq could be next if Super Micro doesn’t file a compliance plan by the Monday deadline or if the exchange rejects the company’s submission. Super Micro could also get an extension from the Nasdaq, giving it months to come into compliance. The company said Thursday that it would provide a plan to the Nasdaq in time.
A spokesperson told CNBC the company “intends to take all necessary steps to achieve compliance with the Nasdaq continued listing requirements as soon as possible.”
While the delisting issue mainly affects the stock, it could also hurt Super Micro’s reputation and standing with its customers, who may prefer to simply avoid the drama and buy AI servers from rivals such as Dell or HPE.
“Given that Super Micro’s accounting concerns have become more acute since Super Micro’s quarter ended, its weakness could ultimately benefit Dell more in the coming quarter,” Bernstein analyst Toni Sacconaghi wrote in a note this week.
A representative for the Nasdaq said the exchange doesn’t comment on the delisting process for individual companies, but the rules suggest the process could take about a year before a final decision.
A plan of compliance
The Nasdaq warned Super Micro on Sept. 17 that it was at risk of being delisted. That gave the company 60 days to submit a plan of compliance to the exchange, and because the deadline falls on a Sunday, the effective date for the submission is Monday.
If Super Micro’s plan is acceptable to Nasdaq staff, the company is eligible for an extension of up to 180 days to file its year-end report. The Nasdaq wants to see if Super Micro’s board of directors has investigated the company’s accounting problem, what the exact reason for the late filing was and a timeline of actions taken by the board.
The Nasdaq says it looks at several factors when evaluating a plan of compliance, including the reasons for the late filing, upcoming corporate events, the overall financial status of the company and the likelihood of a company filing an audited report within 180 days. The review can also look at information provided by outside auditors, the SEC or other regulators.
Last week, Super Micro said it was doing everything it could to remain listed on the Nasdaq, and said a special committee of its board had investigated and found no wrongdoing. Super Micro CEO Charles Liang said the company would receive the board committee’s report as soon as last week. A company spokesperson didn’t respond when asked by CNBC if that report had been received.
If the Nasdaq rejects Super Micro’s compliance plan, the company can request a hearing from the exchange’s Hearings Panel to review the decision. Super Micro won’t be immediately kicked off the exchange – the hearing panel request starts a 15-day stay for delisting, and the panel can decide to extend the deadline for up to 180 days.
If the panel rejects that request or if Super Micro gets an extension and fails to file the updated financials, the company can still appeal the decision to another Nasdaq body called the Listing Council, which can grant an exception.
Ultimately, the Nasdaq says the extensions have a limit: 360 days from when the company’s first late filing was due.
A poor track record
There’s one factor at play that could hurt Super Micro’s chances of an extension. The exchange considers whether the company has any history of being out of compliance with SEC regulations.
Between 2015 and 2017, Super Micro misstated financials and published key filings late, according to the SEC. It was delisted from the Nasdaq in 2017 and was relisted two years later.
Super Micro “might have a more difficult time obtaining extensions as the Nasdaq’s literature indicates it will in part ‘consider the company’s specific circumstances, including the company’s past compliance history’ when determining whether an extension is warranted,” Wedbush analyst Matt Bryson wrote in a note earlier this month. He has a neutral rating on the stock.
History also reveals just how long the delisting process can take.
Charles Liang, chief executive officer of Super Micro Computer Inc., right, and Jensen Huang, co-founder and chief executive officer of Nvidia Corp., during the Computex conference in Taipei, Taiwan, on Wednesday, June 5, 2024.
Annabelle Chih | Bloomberg | Getty Images
Super Micro missed an annual report filing deadline in June 2017, got an extension to December and finally got a hearing in May 2018, which gave it another extension to August of that year. It was only when it missed that deadline that the stock was delisted.
In the short term, the bigger worry for Super Micro is whether customers and suppliers start to bail.
Aside from the compliance problems, Super Micro is a fast-growing company making one of the most in-demand products in the technology industry. Sales more than doubled last year to nearly $15 billion, according to unaudited financial reports, and the company has ample cash on its balance sheet, analysts say. Wall Street is expecting even more growth to about $25 billion in sales in its fiscal 2025, according to FactSet.
Super Micro said last week that the filing delay has “had a bit of an impact to orders.” In its unaudited September quarter results reported last week, the company showed growth that was slower than Wall Street expected. It also provided light guidance.
The company said one reason for its weak results was that it hadn’t yet obtained enough supply of Nvidia’s next-generation chip, called Blackwell, raising questions about Super Micro’s relationship with its most important supplier.
“We don’t believe that Super Micro’s issues are a big deal for Nvidia, although it could move some sales around in the near term from one quarter to the next as customers direct orders toward Dell and others,” wrote Melius Research analyst Ben Reitzes in a note this week.
Super Micro’s head of corporate development, Michael Staiger, told investors on a call last week that “we’ve spoken to Nvidia and they’ve confirmed they’ve made no changes to allocations. We maintain a strong relationship with them.”
-
Sports2 years ago‘Storybook stuff’: Inside the night Bryce Harper sent the Phillies to the World Series
-
Sports8 months agoStory injured on diving stop, exits Red Sox game
-
Sports2 years agoMLB Rank 2023: Ranking baseball’s top 100 players
-
Sports1 year agoGame 1 of WS least-watched in recorded history
-
Environment1 year agoJapan and South Korea have a lot at stake in a free and open South China Sea
-
Sports3 years ago
Team Europe easily wins 4th straight Laver Cup
-
Environment2 years agoGame-changing Lectric XPedition launched as affordable electric cargo bike
-
Business2 years agoBank of England’s extraordinary response to government policy is almost unthinkable | Ed Conway