Have you ever wondered how your phone number or email address ended up in the hands of a stranger—or worse, a political party you’ve never supported?
If you’ve received a flood of unsolicited texts or emails during election season, you’re not alone.
The shadowy world of data brokers is alive and well in Australia, quietly trading your personal information behind the scenes, often without your knowledge or consent.
Let’s take a closer look at how this happens, why it’s so hard to stop, and what you can do about it.
A personal mystery: How did they get my details?
Priya Dev, a data science academic at the Australian National University, found herself in the thick of this mystery during the 2025 federal election.
Like many Australians, she was bombarded with political spam—17 million texts from Clive Palmer’s campaign alone, not to mention emails from major parties.
But what really caught her attention was an email addressed to a fake name she’d used years ago for online shopping.
That same alias had previously received spam from a minor party in 2020.
‘It looks like it’s come from a transaction,’ Priya said. ‘Probably some sort of online e-commerce or energy deal.’
But when she tried to trace the source, she hit a wall.
Political parties in Australia are exempt from privacy laws, so they don’t have to tell you how they got your data, nor do they have to offer an opt out.
This wasn’t Priya’s first attempt. After a barrage of unwanted calls, she managed to trace her phone number back to real estate giant CoreLogic Australia.
They’d bought her data from another broker in 2023, who’d acquired it from yet another broker in 2016, who’d picked it up during a 2014 marketing campaign.
By then, her details had likely been passed to at least 50 other companies. And Priya’s story isn’t unique.
In one case, a child’s email address used for a charity fundraiser a decade ago was targeted with political spam during the most recent election.
The web of data sharing is vast and tangled.
The data broker web: Who are they and what do they collect?
So, who are these data brokers, and what exactly are they collecting?
The answer: almost everything.
According to a 2023 submission to the Australian Competition and Consumer Commission (ACCC), data brokers enable the exchange of information between businesses ‘in the consumer interest’.
But what does that really mean?
Data collected can include your name, address, age, browsing and purchasing behaviour, financial status, employment history, qualifications, tenancy records, and a host of other demographic details.
A report by Reset.Tech Australia found that brokers may also trade in your location history, sexual interests, financial concerns, utility providers, gambling or drinking habits, and recent online purchases.
The list of companies involved is long: credit reporting agencies, fraud and identity verification firms, property companies, marketers, loyalty programs, and even social media.
If you’ve ever signed up for a rewards card, entered a competition, or filled out an online survey, chances are your data is out there.
How do they get away with it?
The process is often hidden behind layers of legalese.
The ACCC found that privacy policies are typically long, ambiguous, and difficult to understand—averaging nearly 7,000 words and taking almost half an hour to read.
Most of us simply click ‘I agree’ and move on. Even if you try to find out who has your data, you’ll likely hit a dead end.
Katharine Kemp, an associate professor at the University of New South Wales, says that when she’s asked marketers where they got her details, they either dodge the question, hang up, or give a vague answer before ending the call.
The federal privacy commissioner, Carly Kind, describes the industry as ‘very opaque’, with a ‘complex value chain of personal information’.
Because the process is so murky, most people don’t know enough to complain—or even realise their data is being traded.
Australians are uncomfortable—and rightly so
It’s no surprise that 74 per cent of Australians are uncomfortable with their personal information being shared or sold, according to ACCC research.
Some companies try to sidestep privacy obligations by ‘de-identifying’ data—removing names but keeping other details.
But as the ACCC points out, de-identified data can often be re-identified when combined with other information.
Kind says many Australians would find the practices of some data brokers ‘quite uncomfortable to say the least, and often veering on affronting or outrageous’.
The data can change hands dozens of times.
While some of this activity is legal, the line between legitimate and questionable practices is fuzzy at best.
What’s being done—and what can you do?
The ACCC has called for stronger privacy laws, and the privacy commissioner’s office is now looking into the sector’s practices.
There’s hope that new regulations will rein in the worst offenders, but for now, the system is stacked against consumers.
Political parties remain a special case. Their exemption from privacy laws means they don’t have to tell you what data they hold or how they got it.
While some experts see hope for tighter rules on data brokers, there’s little political will to change the rules for politicians themselves.
Have you been targeted?
As the discussion around data privacy and the role of data brokers continues to evolve, it’s important to stay informed and consider how these practices affect us all.
Understanding where our personal information goes and how it is used can help us make more conscious decisions about our digital footprint.
Have you ever wondered how your personal details might be shared or used by third parties? Have you experienced unsolicited contact that made you question how your data was obtained? What steps, if any, have you taken to protect your privacy online?
We invite you to share your thoughts and experiences in the comments below to help foster a broader conversation on this important topic.
Also read: Worried your personal data is being sold? You should be
