How to Disappear from Data Brokers
A practical guide to removing your personal information from data broker sites — with a focus on your GDPR rights.
There are companies you've never heard of that know your name, address, phone number, email, age, and the names of your relatives.
They're called data brokers. They collect information from public records, social media, purchases, and other data brokers — then sell it to anyone willing to pay. Advertisers, scammers, whoever.
The good news: if you're in Europe, you have strong legal rights to make them delete your data. The process is still tedious, but the law is on your side.
Your Rights Under GDPR
If you're in the EU, EEA, or UK, the General Data Protection Regulation gives you powerful tools:
Right to Access (Article 15) — You can request a copy of all personal data a company holds about you.
Right to Erasure (Article 17) — The famous "right to be forgotten." You can demand deletion of your personal data.
Right to Object (Article 21) — You can object to processing of your data for direct marketing. They must stop.
Companies have 30 days to respond to GDPR requests. If they refuse without valid reason, you can file a complaint with your national data protection authority.
For Iceland specifically: Persónuvernd (personuvernd.is) handles GDPR enforcement.
The Magic Words
When contacting data brokers, use language that invokes your legal rights:
"Under Article 17 of the GDPR, I request the erasure of all personal data you hold about me. Please confirm deletion within 30 days as required by law."
Include:
- Your full name (and any variations they might have)
- Your email address
- Enough identifying info for them to find your records
- A clear statement that you're exercising your GDPR rights
This works better than a simple "please remove me" because you're citing specific legal obligations.
Major International Data Brokers
These operate globally and likely have your data:
Acxiom
One of the largest data brokers worldwide.
- Go to isapps.acxiom.com/optout
- Submit your information for removal
- For full GDPR erasure, email: gdpr@acxiom.com
Oracle Data Cloud (BlueKai)
Oracle bought several data brokers and combined them.
- GDPR requests: privacyinquiries_ww@oracle.com
- Opt-out portal: datacloudoptout.oracle.com
Experian (Marketing Services)
Yes, the credit bureau also sells marketing data.
- UK/EU opt-out: consumer.support.uk@experian.com
- Be specific that you want marketing data removed, not just credit data
Nielsen
Collects consumer behaviour data globally.
- GDPR contact: privacy.department@nielsen.com
- Be explicit about invoking Article 17
Epsilon
Major marketing data company.
- GDPR requests: privacy@epsilon.com
European-Specific Data Brokers
118 Services (UK/EU)
People-search directories.
- Submit removal requests through their individual sites
- Reference GDPR Article 17 in your request
Infobel
European directory service.
- Contact: privacy@infobel.com
- They operate in multiple European countries
Local Directory Services
Search for your name + country + "directory" and you'll likely find regional services. Each must honour GDPR deletion requests.
Social Media and Search Engines
Request removal of personal info from search results:
- support.google.com/websearch/answer/9673730
- Google will remove phone numbers, addresses, and other personal data from search results
- This doesn't delete the source — just hides it from Google
Facebook/Meta
Even without an account, Facebook may have a "shadow profile" of you.
- Submit a GDPR request: www.facebook.com/help/contact/540977946302970
- Privacy settings: remove yourself from search engines
- GDPR requests via their privacy portal
Automation Options
Doing this manually takes hours. Some services handle it for you:
Incogni (~€6/month, owned by Surfshark) — Handles GDPR requests to data brokers automatically. European-friendly.
DeleteMe (~€10/month) — US-focused but handles international brokers. Works for US data exposure if you've lived/worked there.
Mine (free tier available) — Discovers which companies have your data and helps send deletion requests.
Privacy Bee — Monitors and removes your data continuously.
Are these worth it? If your time is valuable, yes. They handle the tedious follow-up that you'd otherwise neglect.
What About US-Based Brokers?
If you've ever had any US connection (visited, bought from US companies, signed up for US services), American data brokers probably have your info too:
- Spokeo, Whitepages, BeenVerified, PeopleFinder, etc.
The bad news: GDPR doesn't apply to US companies with no EU presence. The good news: many still honour opt-out requests because it's easier than maintaining separate systems.
For these, you'll need to use their individual opt-out pages. Search for "[company name] opt out" and follow their process.
Practical Steps
Week 1: Discovery
- Google yourself (your name, email, phone, address)
- Use haveibeenpwned.com to see which breaches exposed your email
- Search for your name on people-search sites
- Make a list of everywhere you find your info
Week 2-3: GDPR Requests
- Draft a template email citing Article 17
- Send to each company on your list
- Keep copies of all requests (you'll need them if filing complaints)
Week 4+: Follow Up
- Check responses within 30 days
- Send reminders to non-responders
- File complaints with your data protection authority for companies that ignore you
Ongoing
- Set a calendar reminder every 6 months
- Re-search yourself and repeat the process
- Your data will reappear — this is maintenance, not a one-time fix
If Companies Ignore You
This is where EU law really helps. If a company ignores your GDPR request:
- Send a formal follow-up referencing your original request
- Set a deadline (7-14 days)
- If still ignored, file a complaint with your national DPA:
- Iceland: Persónuvernd (personuvernd.is)
- Ireland: Data Protection Commission
- Germany: Your state's Datenschutzbeauftragte
- etc.
The DPA can investigate and issue fines. Companies take this seriously.
Reducing Future Exposure
Opt-outs are reactive. To limit new data collection:
Use masked emails — Services like SimpleLogin or Firefox Relay create unique email addresses. When spam starts arriving, you know who sold your data.
Limit social media exposure — Set profiles to private. Remove personal details.
Be careful with "free" services — If it's free, your data is often the product.
Use privacy-respecting alternatives — ProtonMail instead of Gmail. Signal instead of WhatsApp. DuckDuckGo instead of Google.
Think before entering info — Every form, contest, and loyalty card is potential broker fodder.
Is This Actually Effective?
Partially.
You can remove yourself from most consumer-facing data brokers. This stops casual searches and makes stalking/doxxing harder.
But you can't remove yourself from:
- Government records (most are public by law)
- Legitimate business relationships (companies you have accounts with)
- Data that's already been sold and resold before your request
The goal isn't invisibility — it's making your information harder to find than average. That's achievable.
The Bottom Line
In Europe, you have real legal power over your personal data. Use it.
Start with the big international brokers, Google yourself regularly, and file complaints when companies ignore you. It takes time initially, but maintenance is just a few hours twice a year.
Your data has value. Reclaiming control over it is worth the effort.
Join the Newsletter
Weekly insights on cybersecurity, digital privacy, and AI tools. Practical advice for non-technical people.