A traditional data broker is generally understood to be a company whose primary business model revolves around collecting information about individuals, aggregating it from multiple sources, and then selling or licensing that information to other organizations. Most consumers never interact with these companies directly and may not even be aware of their existence. Data brokers typically operate behind the scenes in industries such as advertising, finance, insurance, and analytics, and are often distinguished by the absence of any direct relationship with the individuals whose data they collect and commercialize.

Conventional data broker operations rely on sourcing data from a broad array of inputs, including public records, commercial transactions, online activity, surveys, loyalty programs, mobile applications, and third-party data providers. While individual data points may appear routine or low-risk in isolation, data brokers specialize in aggregating, correlating, and linking these signals across contexts. Over time, this enables the creation of increasingly detailed profiles that describe a person’s characteristics, interests, behaviors, or predicted future actions, often without the individual’s awareness or meaningful opportunity to intervene.

These profiles are then packaged and distributed through data feeds, audience segments, enrichment products, or similar offerings. Buyers may include advertisers seeking highly granular targeting, lenders assessing credit or risk, insurers evaluating exposure, or retailers supplementing their internal datasets. Importantly, traditional data brokers typically operate independently of any single client’s instructions. They determine how data is collected, combined, reused, and monetized, and frequently sell the same data repeatedly for different purposes, maximizing reuse rather than minimizing exposure.

Because this model depends on scale, reuse, and limited consumer visibility, data brokers have increasingly drawn regulatory scrutiny. Individuals are often unaware that their information is being collected, profiled, and sold, and historically have had limited ability to understand, access, or control these practices. This opacity, as opposed to single data points, has been a central concern driving modern privacy legislation and regulatory oversight of the data broker industry.

In everyday terms, a data broker is commonly understood as an entity that collects information about people from many disparate sources, packages that information into a commercial product, and sells or licenses it onward. This colloquial understanding is important, as it explains why the term “data broker” can carry negative connotations and why it is sometimes applied broadly, even to companies whose operations differ materially from that model.

A common example is a people-search website that enables users to look up individuals by name, phone number, email address, or address, and view information about that person and their known associations.

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), however, “data broker” has a specific statutory definition. California law defines a data broker as a business that knowingly collects and sells personal information of consumers with whom it does not have a direct relationship. This legal definition governs regulatory obligations, even where it diverges from how consumers or the public typically understand the term.

DealerX acknowledges that the definitions of “personal information” under the CCPA and CPRA are broad. Accordingly, where required, DealerX registers as a data broker and complies with all applicable registration and operational obligations. At the same time, DealerX does not “sell” consumer personal information in the way that term is commonly associated with traditional data brokers, which typically aggregate consumer information and make it broadly available to third-party purchasers. DealerX does not create, maintain, or monetize independent consumer profiles outside the specific context in which the data is collected and used, automotive. Rather, DealerX processes client data within that limited context and derives aggregated insights from contextual signals and keywords associated with related browsing activity. These insights enable brands to reach relevant prospective audiences through targeted omnichannel communications, without relying on persistent individual consumer profiles unrelated to automotive intent or on the broad resale of personal information.

Understanding this distinction helps clarify why DealerX may be treated as a data broker under the statute, while operating in a manner that is materially different from what most consumers associate with traditional data broker practices in real-world terms.