How EPIC's Data Broker Opt-Out Report Reframes Privacy as a Safety Mandate

Data broker opt-outs aren't broken. They're deliberately designed to frustrate, delay, and fail the people who most urgently need to vanish from commercial databases, a new EPIC report that audited 38 major data companies found. It reframes the digital privacy debate in stark, corporeal terms. But the EPIC researchers didn't find a patchwork of earnest but flawed compliance. They found manipulative patterns that make exercising a legal right nearly impossible and tied those failures directly to physical safety. So they cited the case of a man charged with murdering a Minnesota state representative and her husband after using people-search data brokers to locate their home address. The report argues that for domestic violence survivors, public officials, and targeted communities, the opt-out isn't a convenience preference. It's a safety mandate. EPIC catalogued at least eight distinct categories of manipulative design, each one carving a separate barrier between a consumer and the removal of their personal data. Opt-out forms exist that don't actually let users opt out of the sale of their data. Links are buried in fine print and missing from homepages. Consumers are routed through multiple separate forms to complete a single request. Several companies demand that a person create an account or pay for a subscription before they can even begin the opt-out process. The pattern is structural, not incidental. It echoes a familiar industry tension, data brokers and AI firms' business models rely on the uninterrupted flow of personal information, while the opt-out is an interruption that costs resources and reduces inventory. When the opt-out path is made labyrinthine, the friction itself becomes a form of compliance theatre that preserves the data flow while appearing to offer control.

• Forms that do not permit opting out of the sale or transfer of personal data
• Links buried in fine print, missing from homepages or privacy policies
• Multiple separate forms required to complete a single request
• Requirements to create an account or pay a subscription before opting out
• Preselected toggles that default users into data sharing

Data Broker Opt-Out Fails the Safety Test

Thirty-eight major data companies were put under the microscope. The safety implications surface immediately in the people-search broker segment. EPIC's researchers found that Spokeo, Whitepages, and National Public Data don't offer consumers a way to opt out of the sale or transfer of their data at all. Instead, they provide a process for removing individual listings by URL, one at a time, with no commitment to stop selling that same person's information in the future. Spokeo tells consumers directly that their information “may reappear on Spokeo in the future without notice” and instructs them to “regularly check” the site for new listings. That's not a bug. It's a warning embedded in the product. So for people trying to erase a home address that a stalker or an abuser might use, the data broker opt-out becomes a game of whack-a-mole with life-or-death stakes.

EPIC frames this as a safety issue by design. The report cites a December 2025 EPIC analysis on the use of data brokers against domestic violence survivors and another on threats to public officials at every level of government. For people in those categories, the opt-out is often the only mechanism available to remove a home address from circulation before someone shows up at the door. The murder of Minnesota state representative Melissa Hortman and her husband Mark in June 2025, after the alleged killer used people-search data brokers to find their address, is not presented as an isolated tragedy but as a foreseeable consequence of a system that makes removal deliberately difficult. EPIC names the groups that bear the brunt without hedging.

• Domestic violence survivors
• Women and women of color
• LGBTQ+ individuals
• Public officials and their families

The Industry’s Contradiction

Palantir told WIRED it had been "erroneously included" in the report alongside data brokers because it's not a data collection or mining company and doesn't sell personal data. But that framing misses something. The EPIC audit found no opt-out process on Palantir's site without logging in, and the privacy form lacked an opt-out option for sale or sharing. TikTok, Amazon, and the gunfire-detection vendor SoundThinking had the same gap. Amazon's spokesperson argued the company doesn't sell customer personal information, so customers are opted out by default, and pointed to "Your Ads Privacy Choices" and "Advertising Preferences" pages. Yet those pages acknowledge data sharing for advertising. That's a sale. Under several state laws. The distinction between "sell" and "share" becomes semantic when the outcome is that a person's information ends up in the hands of partners who may use it in ways the individual never consented to. OpenAI's spokesperson similarly stated the company doesn't sell user data but acknowledged sharing limited data with marketing partners for targeted and cross-contextual behavioral advertising. So the data broker opt-out question is no longer just about transaction. It's about any transfer that erodes a person's ability to stay safe.

The Spokeo Warning

“your information may reappear on Spokeo in the future without notice”

Spokeo can't promise. Even when a consumer successfully removes a listing, the company can't promise it won't sell the same person's data again from a different source. It's a frustrating system. The URL-based removal method treats each listing as a separate entity, not the person behind it, and that's a huge problem for anyone trying to escape. But Whitepages takes the friction further by gating full reports behind a paid Premium subscription, so an individual might have to pay the broker to find the information they need to opt out of it. That financial barrier is particularly acute for domestic violence survivors who may be cut off from joint finances. So the safety argument lands with weight here because the design choices directly burden the people EPIC identifies as most reliant on the data broker opt-out working.

An Illusion of Choice on Bumble

Bumble defaults users into data sharing. It uses preselected toggles, a dark pattern that EPIC documented across four companies. The "Do Not Sell" option is styled to look selected by default, but it's actually the option a user must click to opt out. Visual manipulation flips consent's meaning. And researchers couldn't locate an opt-out process at all without first logging in across Meta, X, OpenAI, and Tinder. HireVue and the surveillance vendor DataTrust compound the problem by framing their opt-out instructions as available only to California residents, even though 20 other states have passed laws granting opt-out rights.

Data Broker Opt-Out and the Road to Data Minimization

The opt-out fails. This isn't just a demand for better forms; it's an argument that the data broker opt-out can't scale to match the threat even if every company made it easy, because a person would still have to find and submit a request to every company that holds, sells, or transfers their data. So EPIC's conclusion flips the burden: the real remedy is not better forms but less collection, rules that bar companies from gathering personal information they never needed in the first place. That pushes the conversation beyond consumer friction and into the architecture of data harvesting itself. Regulators reading the report will see a safety mandate, not a consumer complaint. And the use of a data broker to locate and kill a public official erases any remaining distance between privacy policy and physical security. The opt-out is not a feature to be improved. It's the last line of defence for people who have none. Its persistent failure becomes a policy liability that companies can no longer dismiss with a privacy portal.