Who are these data brokers - and why do they know more about us than we do?
They are called Adsquare, Zeotap, Equifax or Liveramp - and they deal in something that cannot be touched but can still be sold: our data. To be more precise: billions of digital traces that we leave behind every day. These companies use them to create neat little "profiles" - e.g. single mothers, SUV drivers or vegans with an affinity for travel - and sell them on to advertisers. They then know exactly who to bait with what.
What sounds like a Hollywood thriller is perfectly legal in reality - at least under certain conditions laid down in the General Data Protection Regulation (GDPR). However, data trading is not as clear-cut in practice as the rules seem on paper.
Loophole with a system: the "legitimate interest"
The trick used by data brokers is simple and effective: "legitimate interest". According to the GDPR, companies are allowed to collect data if they have a good reason for doing so - for example, to improve their services or for security reasons. The problem is that companies themselves decide what constitutes a "good reason" - and like to interpret the GDPR in their favor.
So what happens to our clicks, location data or purchasing interests? They often end up in data packages that are traded on marketplaces such as Datarade - in one case, according to research by BR and netzpolitik.org, it was around four billion location data from Germany. Data that can also be used for movement profiles - with potentially dangerous consequences for privacy and even national security.
Meta, Google & Co.: An entire advertising market on data feet
Large tech companies such as Meta and Google work closely with data brokers - directly or indirectly. Cookies and tracking pixels absorb behavioral data, even outside the platforms. If you search for "running shoes" on Google, you will see ads for sports drinks on Instagram the next day.
Consent banners, as required by the GDPR, are actually intended to ensure transparency. But let's be honest: who doesn't usually click on "Accept all" simply to get to the desired page quickly? This is exactly what data traders exploit - with our tacit consent.
The courts are fighting back - slowly but clearly
At least something is moving: in October 2024, the European Court of Justice (ECJ) ruled that Meta can no longer simply use all available data for advertising. The principle of data minimization applies - in other words, only the bare minimum may be collected. Another setback followed in February 2025 by the Stuttgart Regional Court, which clarified that Even if a website operator collects data, Meta needs its own consent to use it.
These rulings could massively restrict data trading - if they are consistently enforced. Because one thing is clear: at present, it is almost exclusively the platforms and intermediaries who benefit - not the people whose data is being processed.
More power for users - or data for money?
How can the imbalance between users and data traders be corrected? In Europe, the EU Data Act will ensure that we can decide for ourselves who can access data from connected devices such as fitness trackers from 2025. A pilot project in Brazil goes even further: users there receive a digital data wallet - they decide for themselves who they sell which data to. In the best case scenario: transparency for money.
But critics warn of a two-tier society in the data network. Who really knows what their own data is worth - or how much control they are really giving up?
Our data is worth billions - but doesn't earn us a cent
The fact that companies like Meta, Google and data brokers are building entire business models on the backs of users without giving us a real choice is simply absurd in our view.
The GDPR was a good start - but it is being systematically undermined. And as long as "legitimate interest" remains a free pass, little will change. Our demand: fewer banners, more real control. And if data is sold - then please with fair participation by those who own it.
