By 2024, AI had done more than disrupt industries. It had quietly supercharged one: data brokerage.
Few consumers ever meet a data broker and even fewer understand what they do. But their work touches nearly every person with a smartphone, a loyalty card, or an internet connection.
The Invisible Harvest
Data brokers operate in silence. They gather, compile, and sort.
According to vpnMentor: “They often do this indirectly and without explicit consent, instead maximizing public records, traceable online activity, or other openly accessible channels.
Names, phone numbers, IP addresses. Birthdays, income brackets, voter registrations, browsing habits, shopping carts, and app usage. Even your moods and beliefs, gleaned from what you click, where you pause, and what you say online.
They take this raw material and stitch it into profiles. Thousands of data points per person, updated constantly, sold to those who can afford them.
Marketers. Insurers. Banks. Political campaigns. Intelligence services. If your data has value, someone is buying it.
The sources are numerous and include Websites and apps, public records, credit reports, and social media activity, loyalty programs, and data marketplaces.
Each click is a thread. Together, they paint a picture.
The Business of Knowing
Data brokers have collected personally identifiable information (PII) from at least 70% of the world’s online population.
In 2024, vpnMentor said the global data broker industry was reportedly worth around US$390 billion. This year, it’s projected to earn US$262.28 billion in revenue, and forecasts place its market value as high as US$672 billion by 2032.
“In comparison, the global cybersecurity market was valued at under US$200 billion in 2023, while social media was worth around US$251.45 billion in 2024,” researchers said.
Companies want precision. Who buys what? Who’s likely to churn? Who qualifies for a loan? Who clicks on ads? Data brokers deliver these answers.
Firms like Acxiom, Experian, Equifax, Oracle Data Cloud, and LexisNexis are household names in the industry. Their revenue runs into the billions. Their clients span finance, retail, advertising, and government.
This is no longer marketing alone, it is infrastructure.
AI and the New Surveillance
Artificial intelligence has changed the game. What once took weeks now takes seconds.
Cross-device tracking follows users from phone to laptop to smart TV. Some methods are deterministic, relying on logins and account IDs. Others are probabilistic, connecting dots through IP addresses and behavioral clues.
AI ties these pieces of information together. It can infer preferences, predict actions, and adapt in real time. It refines profiles using machine learning and tailors ads or offers accordingly.
It’s easy to see why this could be dangerous.
Profiles become more accurate and more deeply embedded in the digital experience, and, in many cases, more prone to misuse.
Cracks in the System
The backlash has begun.
Public anger rose with stories of manipulation, surveillance, and bias. Facebook’s microtargeting of vulnerable users. Spotify’s emotional profiling. Clearview AI scraping faces without consent. Predictive policing models gone wrong. Algorithms that discriminate based on race or gender.
Each case chipped away at public trust.
Governments responded, but slowly. The EU’s GDPR. California’s CCPA. Brazil’s LGPD. Canada’s PIPEDA. These laws gave consumers rights: to access, delete, port, or opt out of their data.
But enforcement is inconsistent. Small players often go unnoticed. And the shadow market thrives, dwarfing the legal one in reach and volume.
The result was a regulatory net full of holes.
What Lies Ahead
Data is now a currency, as it is bought, sold, stolen, and traded.
AI makes profiling faster, more granular, and far more invasive. It widens the gap between what companies know and what consumers understand.
The rules we have are not enough. Regulation need to evolve faster, clearer, and stronger. Businesses must be held to account, not only for what they collect but also for how they use it.
Consumers can do only so much, like adjust privacy settings, use ad blockers, and limit permissions.
But the true responsibility lies with the institutions that profit from personal data and the governments that permit it.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.