RSS

US data brokers sold Americans' location data to foreign adversaries

Predaxia2 pts0 comments

[UPDATED] The Data Brokers Selling US Data to Foreign Actors, According to California – EPIC – Electronic Privacy Information Center

Join EPIC’s fight to STOP THE SURVEILLANCE STATE.

epic.org/stop-the-surveillance-state

Dismiss message.

Search

Search

Analysis

[UPDATED] The Data Brokers Selling US Data to Foreign Actors, According to California

March 25, 2026<br>Justin Sherman, EPIC Scholar In Residence

Update 3/27, 10:30 a.m. ET: Following publication, seven of the 33 data brokers named in this post contacted EPIC and represented that they do not in fact sell or share data with “foreign actor[s]” within the meaning of the California Delete Act (North Korea, China, Russia, or Iran) and that the self-reported information in the California registry contains inaccuracies about their brokerage activities. These seven brokers are AggKnowledge Inc.; Bachmanity, Inc. DBA: Aviato; Clay Labs, Inc.; Command Precision Inc. DBA: Persistent.id; Irys, Inc.; Media.net Advertising FZ-LLC; and Warmly, Inc. One broker, Media.net Advertising FZ-LLC, also stated that it does not in fact collect precise geolocation data.

Many of the brokers mentioned in the original post, however, have not reached out disputing the self-reported information.

As noted, the information contained in California’s registry is provided by data brokers themselves. The apparent inaccuracy of registry entries for at least seven of those brokers underscores three important points. First, data brokers must take seriously their legal obligation to accurately disclose and describe their activities to California and other jurisdictions that regulate brokers.

Second, CalPrivacy and other regulators should not treat information self-reported by brokers as ground truth, as errors and omissions can cloud the picture of how, by whom, and to whom personal data is being trafficked for commercial gain. Data broker registries must, at a minimum, be paired with robust oversight and enforcement.

And third, the number of brokers that may have incorrectly reported their activities to California underscores a possibility: in addition to brokers that say they erroneously reported that they did sell data to “foreign actors” under California’s law, it is also possible that there are data brokers that erroneously reported that they did not sell data to said “foreign actors” when they in fact did so. This risk again speaks to the above two points about the importance of accurate, precise filings and legal compliance as well as robust enforcement.

Original post: On March 24, California released an updated registry of data brokers—companies in the business of collecting, inferring, aggregating, and selling people’s data. The 2026 California data broker registry includes data brokers that were operating in the state in 2025. It’s the latest annual update of the state’s public-facing, freely accessible, and searchable database of the third-party data brokers (those without a direct consumer relationship) selling categories of Californians’ data that are covered under state privacy laws.

Except with this update, there are a few catches—including the revelation that 33 California-registered data brokers reported selling data to or sharing data with, at least in 2025 (and potentially in 2026), non-US actors in North Korea, China, Russia, and/or Iran. Five of these data brokers that reportedly sold or shared data with foreign actors in 2025 even reported collecting precise geolocation data.

Data brokers’ business practices are already predatory and problematic, fundamentally premised on the collection and aggregation of people’s data that they received no fully informed, freely given, meaningful consent to collect, infer, aggregate, or sell in the first place. Selling to US actors alone, data brokers have for decades catalyzed stalking and gendered violence by selling people’s home address and other data to abusive individuals looking to commit harm; fueled data-driven scams, such as the mass distribution of bogus lottery offers to older Americans and other people in vulnerable positions; and even more recently contributed to violence against public servants in much the same way as they have for years in the stalking and gendered violence context.

But it’s also true that data brokers selling US data presents risks to national security—not only because of how those vast repositories of data can be particularly attractive targets for hackers, but also because they could sell sensitive data on US government personnel, US government locations, or the US public writ large to US foreign adversaries. At least 33 California-registered data brokers stating that they sold data to or shared data with US foreign adversary countries (“foreign actors,” in the registry’s label, defined more below) in 2025 underscores the urgency of a systemic legal and regulatory approach to reigning in the out-of-control data sale industry.

The 33 Data Brokers In Question

Under the Delete Act (aka...

data brokers california foreign selling actors

Related Articles

Amazon, Facebook, FBI have access to a private intelligence-sharing network

root-parent18 ptsseattle prism shield network private intelligence

Show HN: GoPeek – open links in live mini browser windows without new tabs

GeorgeWoff2518 ptsgopeek open browser links live mini

Agent Memory: An Anatomy

brgsk17 ptsmemory library user agent semantic libraries

SpaceX not the behemoth everyone thought

kaycebasques13 pts_blockquote instagram data vars text media

The Mirror Is Part of the Machine

london_safari10 ptstelemetry mirror decision logs enough time
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.