Data Brokers Have a Profile on Your Kid. Here's How to Remove It

There is an industry whose entire business model is collecting information about your family and selling it to anyone who pays. And your child almost certainly has a profile in at least a dozen of these databases right now. Data brokers — companies like Spokeo, BeenVerified, Intelius, and hundreds of others — aggregate personal information from public records, social media, loyalty programs, apps, and data breaches, then package and sell it. They don’t distinguish by age. A child who has ever had their name listed in a public school directory, attended a summer camp with a website, or whose birth was announced in a local newspaper has data out there.

The information in these profiles ranges from addresses and phone numbers to relatives’ names, school enrollment, photos, and purchasing behaviors. This data gets sold to marketers, private investigators, background check services — and it’s accessible to anyone willing to pay, including people who mean your child harm.

Key Takeaways

• Hundreds of data broker companies hold profiles on minors in the United States, built from public records, app data, and purchased consumer data
• The Children’s Online Privacy Protection Act (COPPA) covers websites and apps directed at children under 13, but does not broadly restrict data brokers from holding children’s information derived from other sources
• Most major brokers have opt-out processes, but these require individual submissions and must be repeated periodically
• Virginia, California, and Texas have enacted additional state-level data broker laws with deletion rights; other states are passing similar legislation
• The FTC has taken enforcement action against data brokers for failing to provide required opt-out mechanisms

What Data Brokers Actually Know About Your Child

The scope of information that data brokers compile is wider than most parents realize. A typical profile at a major broker might include:

• Full legal name and any nicknames
• Current and historical home addresses
• Parents’ names and contact information
• School enrollment and, in some cases, school name
• Age, date of birth, and gender
• Photos scraped from social media profiles
• Household income estimates
• Religious and political affiliation (inferred from purchase history and public records)
• Gaming handles and online usernames

The source of this data is varied. Public records — birth announcements, property records, voter registration (where parents are listed at addresses with children) — form one layer. Social media creates another: profile photos, tagged locations, and relationship connections are harvested through automated scraping. Apps and loyalty programs contribute behavioral data — what your child likes, where they shop, what they watch. And data breaches add stolen but now-circulating private information into the mix.

Why Children’s Data Is Particularly Valuable

Children represent a decades-long commercial opportunity. A child profiled at age 8 is a 20-year investment in future marketing. Predictive models built on childhood data are more accurate for lifetime behavioral forecasting than profiles built on adults. This makes children’s data commercially valuable beyond what any short-term marketing use would justify.

Predators also value this data. A profile that includes a child’s name, address, school, and photo — combined with their parents’ schedules — is exactly the kind of aggregated information that facilitates targeted access.

The Legal Framework: What COPPA Covers (and Doesn’t)

The Children’s Online Privacy Protection Act (COPPA), enforced by the FTC, prohibits websites and apps directed at children under 13 from collecting personal information without verifiable parental consent. This is meaningful protection in its intended domain.

However, COPPA does not cover:

• Data brokers who compile information from public records
• Apps that are not specifically directed at children, even if children use them
• Information derived from parents’ records that happens to identify children
• Data collected about children over 13

The FTC has proposed rulemaking to strengthen COPPA and has taken enforcement action against companies that violated existing rules. But the data broker industry as a whole operates largely outside COPPA’s reach.

Several states have moved to fill this gap:

State	Law	Key Provision for Minors
California	CCPA/CPRA	Right to deletion; opt-out of data sale; enhanced protections for minors under 16
Virginia	VCDPA	Right to deletion; opt-out of data sale
Texas	TDPSA	Right to deletion; opt-out of data sale
Colorado	CPA	Right to deletion; opt-out of profiling
Connecticut	CTDPA	Right to deletion; opt-out of data sale

If you live in one of these states, you have stronger legal grounds to demand deletion. Data brokers must comply with valid deletion requests under these laws.

The Major Data Brokers and Their Opt-Out Processes

There are estimated to be over 4,000 data broker companies in the United States. Opting out of all of them is not realistic. However, targeting the highest-volume brokers and the most commonly accessed people-search sites significantly reduces your child’s exposure.

Tier 1: Highest Priority (People-Search Sites)

These are the sites most commonly used to look up individuals:

Spokeo — spokeo.com/optout
Requires submitting the profile URL. Manual process, takes 2-5 business days.

BeenVerified — beenverified.com/opt-out/
Online form. Requires email confirmation.

Intelius — intelius.com/opt-out
Online form. Must submit for each profile separately.

Whitepages — whitepages.com/suppression_requests
Online form. Removes from Whitepages and several associated sites.

Radaris — radaris.com/page/how-to-remove
Requires creating an account to remove profile. Irritating but manageable.

PeopleFinders — peoplefinders.com/about/privacy
Email opt-out process.

MyLife — mylife.com/ccpa/index.purge.php
Online form. One of the more persistent re-aggregators — check back every 90 days.

Tier 2: Data Aggregators (Feed Other Brokers)

These companies don’t have consumer-facing profiles but sell data to others:

Acxiom — acxiom.com/optout
Opt-out form covers Acxiom and subsidiaries. Most comprehensive single opt-out available.

LexisNexis — lexisnexis.com/privacy/for-consumers/opt-out-of-lexisnexis.aspx
Covers many downstream products. Requires mail submission for full suppression.

CoreLogic — corelogic.com/privacy-center/
Online opt-out request form.

Oracle (BlueKai) — oracle.com/legal/privacy/marketing-cloud-data-cloud-privacy-policy.html
Opt-out via privacy portal.

A Realistic Opt-Out Strategy

Attempting to remove your child’s data from every broker is not feasible. A practical approach:

Step 1: Start with people-search sites. These are the most immediate risk because they’re directly accessible to anyone searching your child’s name online. Work through the Tier 1 list above.

Step 2: Submit to the major aggregators. Acxiom’s opt-out is particularly important because Acxiom data feeds hundreds of downstream brokers. One submission reduces your exposure across many smaller companies.

Step 3: Consider a paid service. Companies like DeleteMe, Kanary, and Privacy Bee automate the opt-out process and resubmit periodically (since brokers often re-acquire data). Annual subscriptions run $100-$200 but save significant time and provide ongoing coverage.

Step 4: Set a calendar reminder. Opt-outs are not permanent. Most brokers re-acquire and republish data from new sources within 3-6 months. A quarterly review of major sites is a reasonable maintenance routine.

Step 5: Lock down the source data. Reducing what goes into the broker pipeline reduces what they can republish. This means auditing privacy settings on social media, limiting what information you share with apps and loyalty programs, and reviewing whether your child’s school posts identifying information publicly.

What a Privacy-Protective Digital Footprint Looks Like

Beyond removal, limiting future data collection matters. Key practices:

Social media privacy: Set your child’s accounts (or your own accounts where children appear) to private. Be cautious about tagging your child’s location, school, or schedule.

Apps and permissions: Review what permissions apps request. Location, contacts, and microphone access are frequently unnecessary for app functionality and serve primarily to collect data.

School data: Many school websites publish honor rolls, sports rosters, and event photos that include children’s names and faces. Ask your school about their data sharing practices and request that your child’s information not be published publicly.

Forms and sign-ups: Every time you sign up for a loyalty program, contest, or newsletter using your home address and a child’s information, that data enters the broker pipeline. Use a PO box or secondary email address for these registrations when possible.

What to Watch For Over 3 Months

Month 1: Complete opt-out requests for all Tier 1 people-search sites and submit to Acxiom. Document which sites you’ve submitted to and the dates.

Month 2: Check each Tier 1 site to confirm your child’s profile has been removed. Resubmit any that haven’t processed. Begin researching Tier 2 aggregators.

Month 3: Perform a search for your child’s name on Google, Bing, and the major people-search sites. Assess remaining exposure. If using a paid service, verify it is actively resubmitting. Set a calendar reminder for the next quarterly review.

Frequently Asked Questions

Is my child’s data actually out there if I’ve never signed them up for anything?

Almost certainly yes. Public birth records, hospital announcements, school records, and your own online presence (social media posts mentioning your child, parenting forum accounts) all create data trails. Data brokers don’t require your participation — they aggregate from publicly available sources automatically.

Can I request deletion under COPPA for my young child?

COPPA deletion rights apply to data collected directly by websites and apps directed at children under 13. It does not give you direct deletion rights against data brokers who compiled information from other sources. State laws (California, Virginia, Texas, etc.) may give you broader deletion rights depending on your state of residence.

What about GDPR if I’m in Europe or Latin America?

The EU’s General Data Protection Regulation gives European residents much stronger rights, including the right to erasure (“right to be forgotten”) for any personal data, including children’s data. Several Latin American countries have passed similar data protection laws: Mexico’s Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP), Brazil’s LGPD, and Argentina’s data protection law all include some form of deletion right.

Does my child’s school share data with brokers?

Not legally, under FERPA (the Family Educational Rights and Privacy Act), without consent. However, schools may have vendor contracts that inadvertently expose student data to companies with broker affiliates. You can request your school’s data sharing agreements under FERPA.

How do I know if my child’s data has been breached?

Sign up for breach notification at haveibeenpwned.com using any email addresses associated with your family. For SSN exposure, services like LifeLock, Identity Guard, or even Experian’s free dark web scan can notify you if your family’s data appears in known breach datasets.

---

About the author: Ricky Flores is the founder of HiWave Makers and an electrical engineer with 15+ years of experience building consumer technology at Apple, Samsung, and Texas Instruments. He writes about how kids learn to build, think, and create in a tech-saturated world. Read more at hiwavemakers.com.

---

Sources

1. Federal Trade Commission. (2024). Data Brokers: A Call for Transparency and Accountability. https://www.ftc.gov/system/files/documents/reports/data-brokers-call-transparency-accountability-report-federal-trade-commission-may-2014/140527databrokerreport.pdf
2. Federal Trade Commission. (2024). COPPA Enforcement Actions. https://www.ftc.gov/legal-library/browse/rules/childrens-online-privacy-protection-rule-coppa
3. Hoofnagle, C. J., et al. (2012). How different are young adults from older adults when it comes to information privacy attitudes and policies? SSRN Electronic Journal. https://doi.org/10.2139/ssrn.2013098
4. California Privacy Protection Agency. (2024). CCPA/CPRA Consumer Rights. https://cppa.ca.gov/
5. Ghosh, A., & Roth, A. (2011). Selling privacy at auction. Proceedings of the 12th ACM Conference on Electronic Commerce. https://doi.org/10.1145/1993574.1993605
6. EPIC — Electronic Privacy Information Center. (2024). Data Brokers and Children’s Privacy. https://epic.org/
7. Crain, M. (2018). The limits of transparency: Data brokers and commodification of digital person data. New Media & Society, 20(1), 88–104. https://doi.org/10.1177/1461444816657096