Connect with us

Published

5 months ago

on

D3sign | Moment | Getty Images

Data brokers have long operated in the shadows of the internet, quietly amassing unprecedented amounts of personal information on billions of people across the globe, but few realize just how deep this data collection really goes.

In an age where every move you make online — every click, every purchase, every “like” — is meticulously harvested, packaged, and sold for profit, aggregated personal data has become a valuable commodity, and the global data broker industry is proof of that.

The rise of artificial intelligence tools poses the risk of even more personal information being scraped from the internet and an already opaque world of data brokering becoming even more aggressive, and that is heightening data privacy concerns. A 2023 study from Pew Research found that the American public increasingly says it does not understand what companies do with their data. According to Pew, 67% of Americans say they “understand little to nothing about what companies are doing with their personal data, up from 59% in its previous survey on the subject in 2019. A majority of Americans (73%) think they have “little to no control” over what companies do with their data.

Many people are unaware that something as simple as their phone number can be used by data brokers and bad actors to uncover highly sensitive information, including a Social Security number, address, email, and even family details, said Arjun Bhatnagar, co-founder and CEO of Cloaked, an app that disguises your personal information by generating a unique “identity” for each online account you have.

According to Roger Grimes, an expert at cybersecurity education firm KnowBe4, while many data brokers —especially the more well-known players — sell information responsibly, some of the smaller, unknown brokerages skirt regulations, push ethical boundaries, and exploit data in ways that can lead to misuse or harm. This is partly due to the hazy regulation landscape around data brokerage, which makes it easier for these practices to go unchecked.

Some of the largest providers of data brokerage services include Experian, Equifax, TransUnion, LexisNexis, Epsilon (formerly Acxiom), and CoreLogic, according to a ranking from OneRep, an online personal data management service. People-search services Spokeo and Intelius are also among the top data brokers, according to OneRep. These companies operate across multiple industries, handling both publicly available information and more sensitive consumer data. They offer various services, ranging from marketing analytics to credit scoring and background checks, and all of them have processes for requesting your data or asking for it to be deleted. However, depending on the state you live in, they may not have to comply.

Experian, Equifax and TransUnion are a good place to begin to understand how much the data industry has grown. While many consumers know these companies for their credit services, those are now just one piece of the revenue pie, with broader digital marketing of data increasingly important, according to Jeff Chester, founder and executive director of the Center for Digital Democracy, a Washington, D.C.,-based consumer privacy advocate. And data collection spans much farther across the economy, with companies from grocery stores offering discount programs to streaming video services amassing data that others will pay for. “Today, everyone is a data broker. Having the ability to reach someone online and target has become a core part of business,” Chester said.

“I try to lock down everything as much as I can, but I’m also aware that even though I’m a security expert, I’m probably overexposed,” said Bruno Kurtic, president and CEO of data security firm Bedrock Security.

As a basic step to limit financial risks, he recommends that all individuals freeze their credit reports as a proactive measure against identity theft and to prevent malicious actors from opening new accounts or loans in their name.

Inside data brokers’ massive vault

Cybersecurity experts estimate that data brokers collect an average of 1,000 data points on each individual with an online presence.

“It behooves them to collect as much as humanly possible about you, because the larger the information pool about you and the more specific they can get, the higher the cost of that data,” said Chris Henderson, senior director of threat operations at Huntress, a cybersecurity company founded by former National Security Agency personnel.

Here’s a breakdown of the types of information data brokers typically collect, according to privacy experts interviewed by CNBC:

  • Basic identifiers. Full name, address, phone number, and email.
  • Financial data. Credit scores and payment history.
  • Purchase history. What you search for online, what you buy, where you buy it, and how often you buy certain products.
  • Health data. Your medications, medical conditions, and your interactions with health-related apps or websites.
  • Behavioral data. Insights into your likes, dislikes, and the types of ads you’re likely to click on.
  • Real-time location data. GPS data from apps that track your commute, where you shop, and how often you visit certain places.
  • Inferred characteristics. Based on you’re your browsing and media consumption — the websites you visit, articles you read, videos you watch, data brokers draw insights about your lifestyle, income, preferences, religious or political beliefs, hobbies, and even your likelihood of charitable giving.
  • Relationships with family, friends, and colleagues. By analyzing your network of friends, followers, and connections on social media and messaging apps, data brokers can map out your relationships and even track how frequently you interact with certain individuals to determine the depth of your bonds.

Little oversight around data privacy

The lack of comprehensive regulation around data privacy allows data brokers to operate with little oversight, unlike the General Data Protection Regulation (GDPR) in the European Union.

“There is no comprehensive federal privacy law that specifically regulates the industry, which makes it hard to combat them,” said Chelsea Magnant, adjunct instructor of cyber leadership at NYU’s Center for Global Affairs and a director at corporate consulting firm Brunswick. “We essentially have a patchwork of state laws with varying privacy protections that these companies know how to navigate.”

California was the first to enact comprehensive legislation in 2018 with the California Consumer Privacy Act, giving residents more control over their personal data. In 2020, California voters approved an expansion of the CCPA, called the California Privacy Rights Act, which took effect in 2023. It offers the most extensive protections in the U.S., including data correction, limiting the use of sensitive information, and requiring businesses to honor opt-out preference signals. It also imposes stricter data-protection obligations on companies, such as minimizing data collection.

Since then, about 20 other U.S. states have followed suit; however, the specific rights and thresholds for which companies must comply vary widely between states.

“Different states have different business environments, economies, and viewpoints. This lack of a unified approach, something that protects all citizens across the country, leaves us vulnerable to data brokers,” said Rob Hughes, chief information security officer at RSA.

Even in states where the privacy laws are strict, there is skepticism that smaller companies on the margins of the data brokerage industry will follow them. “They have extremely sensitive data sets under their management, and they have to essentially behave like the most sensitive enterprises. And we know that some of these data brokers just don’t operate businesses like that,” Kurtic said.

How to take control of your data

To start protecting your privacy, it’s important to rethink how much personal information is shared on a daily basis, says Cloaked’s Bhatnagar. While we can’t fully hide, consumers need to develop new habits and tools to limit what we expose, from turning off permissions that track your location to saying no to cookies and refraining from posting personal details online. Additionally, using tools like secure browsers, VPNs, and tracker blockers can help.

Some of the largest technology companies in our daily lives, such as Apple, are continually updating and adding to privacy options, such as on the new iPhone and latest iOS update.

An Equifax spokeswoman said U.S. consumers can opt out of their personal information being shared in accordance with U.S. state privacy laws. On average, she said, opt-out requests made through the Equifax Privacy Preference Center are processed in less than one business day and consumers are informed of a successful submission through the company’s Preference Center. Consumers can also review the types of third-parties that companies such as Equifax share personal data within its privacy section.

Opt-out links and instructions are readily available for most of the major data brokers:

But data privacy experts says reclaiming or deleting your data from brokers can be a deliberately complex process that is not only time-consuming but frustrating. Each broker has its own opt-out requirements, and even after you’ve removed your data, it often reappears, sourced from other places.

“Removing your data from their systems impacts their bottom line, so they are disincentivized to make this easy for you,” said Henderson. “Ultimately, if you remove the information, they can’t sell that. So the more people who request their information be removed, the less attractive of a broker they are to the advertisers.”

There are data-removal services, such as DeleteMe, Kanary, OneRep, and PrivacyDuck, which charge a fee to manage these ongoing tasks, and are becoming increasingly popular. In October, Consumer Reports launched Permission Slip, a free app that helps you control which companies can collect, store and sell your personal data. It relies on donations to keep it going, either through the app or the Consumer Reports website.

For those opting for the DIY approach, here’s what the data privacy experts interviewed by CNBC recommend to get started:

Identify the brokers collecting your data. As already stated, this can be a daunting task, as many operate behind the scenes. However, there are a few methods you can use to track them down, says Henderson. One is to conduct a Google search using your name, phone number, and email address and see which brokers pop up. You’ll most likely find your name on sites like Spokeo, Whitepages, or MyLife. Another strategy is to visit the websites of the largest data brokers and search your information.

Submit opt-out requests. If you live in a state with data privacy regulations, you can submit a request to delete your data on the opt-out page of these companies’ websites, including at the links listed above, so they cannot share your data with third-party companies. It’s important to note that each broker may have different processes for handling these requests and state laws vary when it comes to what types of data are covered. Some data brokers may also require you to provide identification or verify your identity.

Check your results. After submitting opt-out requests, revisit the data brokers’ sites periodically to ensure your data has been removed. It may take several weeks or months for your request to be processed.

Engage in digital hygiene practices. Regularly reviewing and updating your online security practices is essential. Secure passwords, two-factor authentication, and encryption tools can help protect your information. Using virtual identities, such as alternative email addresses and phone numbers, can further safeguard your personal information.

Seek legal recourse if necessary. If a data broker refuses to comply with a deletion request, you may be able to file a formal complaint with regulatory authorities such as the Federal Trade Commission, which has brought cases against the industry.

However, it’s important to understand that not every state provides the same level of protection. Consult a privacy attorney if you believe your rights have been violated.

‘The future is unfortunately dark’

Experts say deleting the data is an imperfect solution, “a Band-Aid to address a gaping wound,” according to Chester.

“Consumers have been placed in a bad position,” he said. “Data is now a form of payment,” he added, referring to cases where the consumer wants a discount in the grocery store or pharmacy. “This is a comprehensive privacy problem which requires Congress or the FTC. The idea an individual can take care of their privacy … you can shut down a tiny bit of it, but you would need to spend a great deal of time, and once you opt-in to get a discount at a store, it all starts over again.”

The future of the data broker industry looks both promising and troubling as technological advancements continue. Javad Abed, assistant professor of information systems at Johns Hopkins Carey Business School, warns that data brokers will continue to evolve as AI and machine learning advance.

“With AI, data brokers will create even more detailed and predictive profiles, incorporating everything from biometric data to behavioral tracking,” Abed said. “The problem will increase, and things are going to become more complicated.”

Abed sees potential in blockchain and privacy-enhancing technologies, which could disrupt the data brokerage model by increasing transparency and giving individuals more control over their digital identities. However, he remains skeptical: “The future is unfortunately dark. It needs to be collaborative work. I don’t see the motivation right now from the main actors for a collaborative change.” 

“Telling our grandmothers or a child to configure settings on their social media and their browsers and search engines is not a winning proposition,” Kurtic said. “It’s going to take a combination of regulation, technology on the vendor side, and know-how on our own personal side.”

Until regulation steps in, data brokers will continue to collect as much data as possible. “These are revenue streams for companies that might not have other recurring revenue streams,” Henderson said. “And given there’s no regulation stopping businesses from selling information about you, I don’t see the practice stopping, especially given how lucrative it is.”

The rising tide of real estate cyber crime

Related Topics:
Continue Reading

Technology

Y Combinator startups are fastest growing, most profitable in fund history because of AI

Published

13 hours ago

on

March 15, 2025

By

Y Combinator startups are fastest growing, most profitable in fund history because of AI

Silicon Valley’s earliest stage companies are getting a major boost from artificial intelligence.

Startup accelerator Y Combinator — known for backing Airbnb, Dropbox and Stripe — this week held its annual demo day in San Francisco, where founders pitched their startups to an auditorium of potential venture capital investors.

Y Combinator CEO Garry Tan told CNBC that this group is growing significantly faster than past cohorts and with actual revenue. For the last nine months, the entire batch of YC companies in aggregate grew 10% per week, he said.

“It’s not just the number one or two companies — the whole batch is growing 10% week on week,” said Tan, who is also a Y Combinator alum. “That’s never happened before in early-stage venture.”

That growth spurt is thanks to leaps in artificial intelligence, Tan said. 

App developers can now offload or automate more repetitive tasks, and they can generate new code using large language models. Tan called it “vibe coding,” a term for letting models take the wheel and generate software. In some cases, AI can code entire apps.

The ability for AI to subsidize an otherwise heavy workload has allowed these companies to build with fewer people. For about a quarter of the current YC startups, 95% of their code was written by AI, Tan said.

“That sounds a little scary, but on the other hand, what that means for founders is that you don’t need a team of 50 or 100 engineers,” said Tan, adding that companies are reaching as much as $10 million in revenue with teams of less than 10 people. “You don’t have to raise as much. The capital goes much longer.”

The growth-at-all-costs mindset of Silicon Valley during the zero-interest-rate era has gone “out the window,” said Tan, pointing to a renewed focus on profitability. That focus on the bottom line also applies to megacap tech companies. Google, Meta and Amazon have gone through multiple rounds of layoffs and pulled back on hiring.

While that’s shaken some engineers, Tan described it as an opportunity. 

It’s easier to build a startup, and the top people in tech don’t have to prove their worth by going to work at big tech companies, he said.

“There’s a lot of anxiety in the job market, especially from young software engineers,” Tan said. “Maybe it’s that engineer who couldn’t get a job at Meta or Google who actually can build a standalone business making $10 million or $100 million a year with ten people — that’s such a powerful moment in software.”

About 80% of the YC companies that presented this week were AI focused, with a handful of robotics and semiconductor startups. This group of companies has been able to prove earlier commercial use compared to previous generations, Tan said. 

“There’s a ton of hype, but what’s unique about this moment is that people are actually getting commercial validation,” he said. “If you’re an investor at demo day, you’ll be able to call a real customer, and that person will say, ‘Yeah, we use the software every single day.'”

Y Combinator was founded in 2005 by Paul Graham, Jessica Livingston, Robert Morris and Trevor Blackwell. The firm invests $500,000 in startups in exchange for an equity stake. Those founders then enter a three-month program at the San Francisco headquarters and get guidance from partners and YC alumni. Demo day is a way to attract additional capital.

The firm has funded more than 5,3000 companies, which it says are worth more than $800 billion in total. Over a dozen of them are public, and more than 100 are valued at $1 billion or more. More than 15,000 companies apply to get into the accelerator, with about a 1% acceptance rate.

More of these venture capital incubators have popped up throughout the past decade, and more capital has flocked to early stage startups. Despite the competition, Tan argued that Y Combinator has an edge thanks to its strong network. He pointed to the number of highly valued portfolio companies rising, and pushed back on the idea that specialized incubators were taking business.

“About 20 to 30% of the companies during YC change their idea and sometimes their industry entirely. And if you end up with an incubator that is very specialized, you might not be able to change into the thing that you were supposed to,” Tan said. “We think that the network effects and the advantages of doing YC have only become more bold.”

Continue Reading

Technology

After Elon Musk’s Delaware exit, state lawmakers weigh bill to overhaul corporate law

Published

13 hours ago

on

March 15, 2025

By

After Elon Musk’s Delaware exit, state lawmakers weigh bill to overhaul corporate law

Tesla CEO Elon Musk looks on as US President Donald Trump speaks to the press as they stand next to a Tesla vehicle on the South Portico of the White House on March 11, 2025 in Washington, DC. 

Mandel Ngan | AFP | Getty Images

Tesla CEO Elon Musk turned Delaware’s corporate law into a hot-button topic last year after a judge there ruled that his $56 billion pay package from 2018 was illegally granted and should be rescinded.

In social media posts, Musk smeared the judge and became an outspoken critic of Delaware’s judiciary, moving the site of incorporation for Tesla and his other companies out of the state while encouraging others to follow suit. Dropbox moved its site of incorporation to Nevada, and Bill Ackman said his Pershing Square Capital Management would exit Delaware. Meta and Walmart are reportedly considering leaving.

After a flurry of such announcements, Delaware’s Senate Majority Leader Bryan Townsend, a corporate attorney by trade and former clerk for Delaware’s Court of Chancery, began looking into the matter with fellow elected leaders. He then moved to sponsor a bill, known as SB 21, aimed at making Delaware a more attractive state for businesses.

On Thursday, the state Senate voted to pass an amended version of SB 21. If it passes Delaware’s House of Representatives, in a vote expected next week, and gets signed by the governor, the bill would change the state’s corporate law. Notably, it would alter how companies can use independent directors and other officials to ensure deals they’ve made will pass muster in court, and limit the records that shareholders can obtain from companies when investigating possible wrongdoing.

Townsend told CNBC that the aim of the bill is to ensure Delaware corporate law is clearer and more predictable, and that the state remains attractive to both investors and corporate leaders.

Many institutional investors, legal scholars and shareholders’ attorneys have opposed the bill, arguing that it would harm minority shareholders and allow boards and executives to make decisions based on their own interests rather than for the broader investor base.

The International Corporate Governance Network (ICGN), consisting of investors with more than $90 trillion in combined assets under management, spoke out against the bill on Tuesday. According to its website, ICGN members include Alliance Bernstein, the Swedish AP funds, BlackRock, CalPERS, CalSTRS, Franklin Templeton, Norges and Vanguard.

Elon Musk could go too far with Congress and hurt Trump's agenda, says Raymond James' Ed Mills

ICGN CEO Jen Sisson cautioned in a letter sent to Delaware state senators and representatives that SB 21 “will be detrimental to shareholder rights, with potentially significant negative implications for long-term returns for investors, including people saving for their retirements, current retirees and other individuals investing their savings.”

Sisson also said the bill would “reduce judicial oversight” and diminish shareholders’ trust that they can “seek remedies through litigation, when necessary.”

The anti-Delaware sentiment has at least some political motivations. While aligning themselves with President Donald Trump, executives like Musk and Ackman are trying to publicly undermine what they describe as “activist judges” who have issued rulings they found disagreeable.

Musk also has a lot of money potentially at stake. If adopted, legal scholars have argued, the new law could help the world’s richest person in his effort to reverse the court’s order in January 2024 that rescinded his mammoth pay package.

Unusual rollout

In her ruling, Delaware Chancery Court Judge Kathaleen McCormick said Musk’s compensation plan had been inappropriately set by Tesla’s board, which was controlled by Musk, and approved by shareholders who were misled by Tesla’s proxy materials before being asked to vote on the matter. Musk filed for an appeal, and the case is now in the hands of the Delaware Supreme Court.

As CNBC previously reported, Richards, Layton & Finger, a corporate defense firm whose clients include Musk and Tesla, helped draft the bill. The firm told CNBC that it wasn’t working on behalf of any specific client and that it was “part of a group, including highly respected lawyers, professors, and former jurists.”

Other shareholders’ attorneys have opposed SB21, or called for significant revisions, in part because of the bill’s unusual rollout.

Changes to Delaware corporate law historically have been drafted by a broad coalition of attorneys representing companies, executives and minority shareholders, and who are part of the Delaware State Bar Association’s Corporation Law Council (CLC).

SB 21 was introduced to Delaware’s legislature on Feb. 17, without any initial review or participation by the CLC.

Matt Meyer, candidate in the 2024 Delaware gubernatorial election to replace term-limited incumbent governor John Carney.

Courtesy: New Castle County

Townsend said Delaware’s elected leaders had fielded complaints from a number of public companies, or attorneys representing them, which he declined to name. Their frustrations had reached a “boiling point” he said, while other states like Texas and Nevada were making a concerted effort to provide an alternative.

“We wanted to address what we can legislatively,” Townsend said.

If Delaware’s House passes the bill, it would hit the desk of Democratic Gov. Matt Meyer.

Even though Delaware is a heavily Democratic state — Trump lost by almost 15% in the 2024 election — the legislation has support from some prominent party leaders, including the governor, as well as corporate defense attorneys, legal scholars and former Delaware litigants unhappy with prior rulings in the state.

Meyer said in an interview on Tuesday with CNBC’s Andrew Ross Sorkin that attorneys and corporate executives have told him that “there is some loss of clarity, predictability and fairness” in Delaware’s corporate law that he believes should be remedied.

A group of 21 law firms, including Cravath, Swaine & Moore, Gibson Dunn and Latham Watkins, sent a letter of encouragement to the state’s general assembly dated March 11.

The group wrote that the bill “provides statutory definitions and safe harbors that enhance clarity and will facilitate proactive evaluation of director appointments, conflicts cleansing and transactional planning.” SB 21 could also help companies incorporated in Delaware to “streamline corporate decision-making and transactional execution,” the lawyers wrote.

In his CNBC interview, Meyer downplayed fears that a so-called DExit was underway, a reference to a mass exodus of companies out of Delaware to incorporate in other states.

Delaware boasts 2.2 million corporate entities from around the world that are registered in the state, including 81% of U.S. companies that went public last year, Meyer said, adding, “The idea that we’re losing something is not totally accurate.”

When he was running for governor, Meyer’s campaign was heavily supported by entrepreneur Phil Shawe, a former Delaware litigant who became an outspoken critic of the state’s Court of Chancery after he was sanctioned in a case concerning who should maintain ownership of a business he started with his ex-fiancee. In 2018, he moved incorporation of the company, TransPerfect, to Nevada.

Last year, Shawe spent $2 million on an ad campaign slamming Delaware, and supporting Musk, all while encouraging other companies to flee the state. Shawe also contributed over $1 million to fund a political action committee supporting Meyer.

Shawe told CNBC, in an emailed statement, that he was not involved in drafting SB21 but “had lots of concerns and ideas” about Delaware’s Court of Chancery, and was “proud to have been at the forefront of this important discussion.”

Gov. Meyer’s office didn’t respond to a request for comment.

WATCH: Interview with Delaware Gov. Matt Meyer

Delaware Gov. Matt Meyer: The idea that the state is losing its corporate brand isn't accurate

Continue Reading

Technology

Intel’s new CEO receives $66 million in options and stock grants on top of $1 million salary

Published

1 day ago

on

March 14, 2025

By

Intel's new CEO receives million in options and stock grants on top of million salary

Intel appoints Lip-Bu Tan as CEO.

Courtesy: Intel

New Intel CEO Lip-Bu Tan will receive total compensation of $1 million in salary and about $66 million in stock options and grants vesting over the coming years, according to filing on Friday with the SEC.

Tan was named as the chief of Intel this week, spurring hopes that the chip industry veteran can turn around the struggling company. Intel shares are up nearly 20% so far in 2025, and most of those gains came this week, following Tan’s appointment. He starts next week.

Tan will receive $1 million in salary, and he is eligible for an annual bonus worth $2 million.

He will also receive stock units in a long-term equity grant valued at $14.4 million, as well as a performance grant of $17 million in Intel shares. Both grants will vest over a period of five years, although Tan won’t earn any of those shares if Intel’s stock price drops over the next three years. He can earn more stock if the company’s share price outperforms the market.

Tan will receive a package of stock options worth $9.6 million, as well as a new hire option grant worth $25 million.

In total, Tan’s compensation package has about $66 million in long-term equity awards and options in addition to salary, bonuses, and legal expenses. If Intel goes through a change of control, Tan could be eligible for accelerated vesting, according to the filing.

“Lip-Bu’s compensation reflects his experience and credentials as an accomplished technology leader with deep industry experience and is market competitive,” Intel said in an emailed comment. “The vast majority of his compensation is equity-based and tied to long-term shareholder value creation.”

Separately, Tan agreed to purchase $25 million in Intel shares and hold them in order to be eligible for the grants and bonuses.

WATCH: Cramer on new Intel CEO

Jim Cramer talks impact of Intel's new CEO announcement

Continue Reading

Trending