Data Brokers Laws

Data brokers are companies that buy and sell consumer data. Many have amassed enormous archives of data, and some have created specific “profiles” of each individual consumer that include their likes, dislikes, political and sexual orientation, and other personal information. This personal information becomes dark data, where consumers don’t know exactly where it exists or what will be done with it.

In the United States, there are general privacy protections that may curb the worst abuses of data brokers, but there are few laws that directly regulate the buying and selling of consumer information.

Vermont Data Broker Law

Vermont became the first state to pass a law explicitly regulating data brokers. The law defines a “data broker” as a business that “knowingly collects and sells” to other companies “the brokered personal information of a consumer with whom the business does not have a direct relationship.” In essence, the law does not consider a company to be a data broker if it is only selling its own customers’ information to third parties — although doing so may violate other laws. If Facebook, for example, sold its users information to the Chinese government, Facebook wouldn’t be considered a “data broker” in that context because it is selling the information of users with whom it has a direct relationship. The data broker law, instead, applies to companies like Acxiom that acquire consumer information, collect it, and sell it to others — without ever interacting directly with the consumers.

Types of Personal Information Protected by the VT Data Broker Law

The Vermont data broker statute covers the following categories of “brokered information”:

  1. name,
  2. address,
  3. date of birth,
  4. place of birth,
  5. mother’s maiden name,
  6. unique biometric data, such as fingerprints or retina scans,
  7. name or address of family members,
  8. Social Security number or other government-issued identification number,
  9. any other information that, alone or in combination with other brokered information, would allow a reasonable person to identify the consumer.

List of Data Brokers

Some of the most prominent data brokers are: Acxiom, Corelogic, Datalogix, eBureau, ID Analytics, Intelius, PeekYou, Rapleaf, and Recorded Future.

We successfully resolved a lawsuit against Vizio that alleged the television-maker had sold customers’ viewing information to data brokers.

Report a violation of Data Broker Law:


About Us

Gibbs Law Group is a California-based law firm committed to protecting the rights of clients nationwide who have been harmed by corporate misconduct. We represent individuals, whistleblowers, employees, and small businesses across the U.S. against the world’s largest corporations. Our award-winning lawyers have achieved landmark recoveries and over a billion dollars for our clients in high-stakes class action and individual cases involving consumer protection, data breach, digital privacy, and federal and California employment lawsuits. Our attorneys have received numerous honors for their work, including “Top Plaintiff Lawyers in California,” “Top Class Action Attorneys Under 40,” “Consumer Protection MVP,” “Best Lawyers in America,” and “Top Cybersecurity/ Privacy Attorneys Under 40.”
titan of plaintiffs bar award
best law firm ranking
chambers USA leading firms award
daily journal top plaintiff lawyers award