Is using a data broker legal?

Yes, but it's regulated. Buying data is legal; lawful use is the test. In the UK and EU you need a lawful basis under GDPR and must inform people you hold their data. In the US, CAN-SPAM permits B2B email without prior consent. California requires data brokers to register with the state.

How do data brokers get my information?

From publicly available sources (company websites, professional profiles, public records), licensed third-party data, partnerships, and machine-learning models that infer or verify details. Some also use contributory data, where users share their own contact lists in exchange for access.

How do I remove my data from a data broker?

Most brokers offer an opt-out or data-subject request form. For example, ZoomInfo, Cognism and Apollo each publish a privacy or removal page. Under UK/EU GDPR you have the right to object to direct marketing and to request erasure; in California you can opt out of the sale of your data.

Are ZoomInfo and Cognism data brokers?

In substance, yes, both collect business-contact data and sell access to it. ZoomInfo is registered as a data broker in California, and Cognism is registered with the California Attorney General as well. Both position themselves around compliance, but the broker model is the same.

Is using a data broker legal?

Yes, but it's regulated. Buying data is legal; lawful use is the test. In the UK and EU you need a lawful basis under GDPR and must inform people you hold their data. In the US, CAN-SPAM permits B2B email without prior consent. California requires data brokers to register with the state.

How do data brokers get my information?

From publicly available sources (company websites, professional profiles, public records), licensed third-party data, partnerships, and machine-learning models that infer or verify details. Some also use contributory data, where users share their own contact lists in exchange for access.

How do I remove my data from a data broker?

Most brokers offer an opt-out or data-subject request form. For example, ZoomInfo, Cognism and Apollo each publish a privacy or removal page. Under UK/EU GDPR you have the right to object to direct marketing and to request erasure; in California you can opt out of the sale of your data.

Are ZoomInfo and Cognism data brokers?

In substance, yes, both collect business-contact data and sell access to it. ZoomInfo is registered as a data broker in California, and Cognism is registered with the California Attorney General as well. Both position themselves around compliance, but the broker model is the same.

Guide · UK & US · Updated June 2026

What is a data broker?

In short

A data broker is a company that collects information about people or businesses from public and third-party sources, then sells or licenses it. In B2B, brokers like ZoomInfo, Cognism and Apollo sell contact and company data to sales teams. It's legal but regulated: in the UK and EU you need a lawful basis to use it.

What a data broker actually does

A data broker is a business whose product is information about other people or companies. It gathers data from many sources, organises and enriches it, then sells or licenses access, usually by subscription or by the record. You rarely have a direct relationship with one, which is what makes the category feel opaque.

There are two broad kinds. Consumer data brokers trade in information about individuals’ personal lives: shopping habits, demographics, location. B2B data brokers (the focus here) trade in professional information: who works where, their job title, their work email and phone number, and details about the company. Tools like ZoomInfo, Cognism, Apollo, Lusha and Kaspr are, in substance, B2B data brokers, even when they market themselves as “sales intelligence” platforms.

How data brokers collect their data

Most B2B brokers blend several methods:

Publicly available information: company websites, public professional profiles, press releases, filings and other public records.
Licensed and partner data: bought or exchanged from other data companies.
Machine learning: to infer, match and verify records (for example, predicting an email format and then validating it).
Contributory / community data: where users connect their inboxes or contact lists and, in exchange for access, feed the broker’s database. Apollo openly describes its “living data network” with over 2 million contributors.

The collection method is the part that matters most for trust. Contributory and scraping-adjacent models have drawn the most regulatory scrutiny in Europe, which is why we weigh data sourcing and compliance heavily in our methodology.

Is it legal?

Yes: operating as, and buying from, a data broker is legal in the major markets, but it’s regulated, and the rules differ by region:

UK & EU: A work email is personal data, so GDPR applies. You need a lawful basis (usually legitimate interests) and must tell people you hold their data, as the ICO explains.
US: Far more permissive for email, but California requires data brokers to register with the state and lets residents opt out of the sale of their data under the CCPA.

We cover the full picture (UK, EU, US and Canada) in our guide on whether buying B2B data is legal.

How to opt out or remove your data

If your details are in a broker’s database and you want them out, you generally have the right to object or request erasure (UK/EU GDPR) or to opt out of sale (California CCPA). Each major broker publishes a route:

ZoomInfo: via its privacy policy and profile-removal process.
Cognism: via its data subject access request page.
Apollo: via its privacy centre and processing notice.

It can take a few weeks, and you may need to verify your identity. If a broker makes opt-out genuinely hard, that itself tells you something, and it’s one of the signals we factor into a provider’s compliance score.

To see how the major B2B brokers compare on sourcing, accuracy and compliance, start with our provider reviews.

Frequently asked questions

Is using a data broker legal?: Yes, but it's regulated. Buying data is legal; lawful use is the test. In the UK and EU you need a lawful basis under GDPR and must inform people you hold their data. In the US, CAN-SPAM permits B2B email without prior consent. California requires data brokers to register with the state.
How do data brokers get my information?: From publicly available sources (company websites, professional profiles, public records), licensed third-party data, partnerships, and machine-learning models that infer or verify details. Some also use contributory data, where users share their own contact lists in exchange for access.
How do I remove my data from a data broker?: Most brokers offer an opt-out or data-subject request form. For example, ZoomInfo, Cognism and Apollo each publish a privacy or removal page. Under UK/EU GDPR you have the right to object to direct marketing and to request erasure; in California you can opt out of the sale of your data.
Are ZoomInfo and Cognism data brokers?: In substance, yes, both collect business-contact data and sell access to it. ZoomInfo is registered as a data broker in California, and Cognism is registered with the California Attorney General as well. Both position themselves around compliance, but the broker model is the same.

This guide is general information, not legal advice. Rules change and depend on your circumstances. Confirm your obligations with the cited regulators or a qualified adviser before you act.