Data Brokers Are Ignoring Privacy Law. We Deserve Better.

Of the many principles EFF fights for in consumer data privacy legislation, one of the most basic is a right to access the data companies have about you. It’s only fair. So many companies collect information about us without our knowledge or consent. We at least should have a way to find out what they purport to know about our lives.

Yet a recent paper from researchers at the University of Californian-Irvine found that, of 543 data brokers in California’s data broker registry at time of publishing, 43 percent failed to even respond to requests to access data.

43 percent of registered data brokers in California failed to even respond to requests to access data, one study shows.

Let’s stop there for a second. That’s more than four in ten companies from an industry that makes its money from collecting and selling our personal information, ignoring one of our most basic rights under the California Consumer Privacy Act: the right to know what information companies have about us.

Such failures violate the law. If this happens to you, you should file a complaint with the California Privacy Protection Agency (CPPA) and the California Attorney General's Office.

This is particularly galling because it’s not easy to file a request in the first place. As these researchers pointed out, there is no streamlined process for these time-consuming requests. People often won’t have the time or energy to see them through. Yet when someone does make the effort to file a request, some companies still feel just fine ignoring the law and their customers completely.

Four in ten data brokers are leaving requesters on read, in violation of the law and our privacy rights. That’s not a passing grade in anyone’s book.

Without consequences to back up our rights, as this research illustrates, many companies will bank on not getting caught, or factor weak slaps on the wrist into the cost of doing business.

This is why EFF fights for bills that have teeth. For example, we demand that people have the right to sue for privacy violations themselves—what’s known as a private right of action. Companies hate this form of enforcement, because it can cost them real money when they flout the law.

When the CCPA started out as a ballot initiative, it had a private right of action, including to enforce access requests. But when the legislature enacted the CCPA (in exchange for the initiative’s proponents removing it from the ballot), corporate interests killed the private right of action in negotiations.

We encourage the California Privacy Protection Agency and the California Attorney General’s Office, which both have the authority to bring these companies to task under the CCPA, to look into these findings. Moving forward, we all have to continue to fight for better laws, to strengthen existing laws, and call on states to enforce the laws on their books to respect everyone’s privacy. Data brokers must face real consequences for brazenly flouting our privacy rights.

Related Issues

Privacy

Know Your Rights

Related Updates

Deeplinks Blog by Tierney Hamilton | August 4, 2025

Digital Rights Are Everyone’s Business, and Yours Can Join the Fight!

Companies large and small are doubling down on digital rights, and we’re excited to see more and more of them join EFF. We’re first and always an organization who fights for users, so you might be asking: Why does EFF work with corporate donors, and why do they want...

Deeplinks Blog by Paige Collings | August 1, 2025

No, the UK’s Online Safety Act Doesn’t Make Children Safer Online

Young people should be able to access information, speak to each other and to the world, play games, and express themselves online without the government making decisions about what speech is permissible. But in one of the latest misguided attempts to protect children online, internet users of all ages...

Deeplinks Blog by Rindala Alajaji | July 28, 2025

You Went to a Drag Show—Now the State of Florida Wants Your Name

EFF has long warned about this kind of mission creep: where a law or policy supposedly aimed at public safety is turned into a tool for political retaliation or mass surveillance. Going to a drag show should not mean you forfeit your anonymity. It should not open you up to...

Deeplinks Blog by Adam Schwartz | July 21, 2025

EFF to Court: Protect Our Health Data from DHS

The federal government is trying to use Medicaid data to identify and deport immigrants. So EFF and our friends at EPIC and the Protect Democracy Project have filed an amicus brief asking a judge to block this dangerous violation of federal data privacy laws.Last month, the AP...

Deeplinks Blog by Paige Collings | July 21, 2025

Dating Apps Need to Learn How Consent Works

Staying safe whilst dating online should not be the responsibility of users—dating apps should be prioritizing our privacy by default, and laws should require companies to prioritize user privacy over their profit. But dating apps are taking shortcuts in safeguarding the privacy and security of users in favour of developing...

Deeplinks Blog by Hudson Hongo, Adam Schwartz | July 21, 2025

When Your Power Meter Becomes a Tool of Mass Surveillance

Sacramento’s power company and law enforcement agencies have been running an illegal mass surveillance scheme for years, using our power meters as home-mounted spies. The Electronic Frontier Foundation (EFF) is seeking to end Sacramento’s dragnet surveillance of energy customers and have asked for a court order to stop this practice...

Deeplinks Blog by David Greene, Christoph Schmon | July 17, 2025

We Support Wikimedia Foundation’s Challenge to UK’s Online Safety Act

The Electronic Frontier Foundation and ARTICLE 19 strongly support the Wikimedia Foundation’s legal challenge to the categorization regulations of the United Kingdom’s Online Safety Act.The Foundation – the non-profit that operates Wikipedia and other Wikimedia projects – announced its legal challenge...

Deeplinks Blog by Andrew Crocker | July 10, 2025

EFF Tells Virginia Court That Constitutional Privacy Protections Forbid Cops from Finding out Everyone Who Searched for a Keyword

Online queries can give insight into our private details and innermost thoughts, but police increasingly access them without adhering to longstanding limits on government investigative power.

Deeplinks Blog by Paige Collings, Matthew Guariglia | July 9, 2025

Data Brokers are Selling Your Flight Information to CBP and ICE

For many years, data brokers have existed in the shadows, exploiting gaps in privacy laws to harvest our information—all for their own profit. They sell our precise movements without our knowledge or meaningful consent to a variety of private and state actors, including law enforcement agencies. And they...

Deeplinks Blog by Matthew Guariglia, Hannah Zhao | July 8, 2025

EFF to US Court of Appeals: Protect Taxpayer Privacy

EFF has filed an amicus brief in Trabajadores v. Bessent, a case concerning the Internal Revenue Service (IRS) sharing protected personal tax information with the Department of Homeland Security for the purposes of immigration enforcement. Our expertise in privacy and data sharing makes us the ideal organization to step in...

Search form

Search form

Related Issues

Search form

Search form

Data Brokers Are Ignoring Privacy Law. We Deserve Better.

Data Brokers Are Ignoring Privacy Law. We Deserve Better.

Related Issues

Related Updates

Follow EFF:

Contact

About

Issues

Updates

Press

Donate