In March 2024, KrebsOnSecurity revealed that the CEO of OneRep — a data removal service Mozilla had built into Firefox — had personally founded dozens of people-search sites over the previous decade, including one still operating in 2026 under the name Nuwber. The CEO admitted it publicly. Mozilla announced it would wind down the partnership within days. Then kept promoting OneRep through Firefox for another twenty months, finally ending the relationship in November 2025.
That timeline is the starting point for any honest discussion of this category. The product that was supposed to delete your data from data brokers was run by someone who had built data brokers. The largest consumer privacy brand in the world kept recommending it for nearly two years after the story broke. Any 2026 comparison still placing OneRep in its top five — and most do — is either uninformed or compromised.
This article takes a different approach. Every broker count is labelled as a vendor claim, not a fact. Every success rate cited comes from the 2024 Consumer Reports study that actually tested these services in the field. Every country section names the local brokers the US-built tools cannot reach, and the centralised opt-out mechanisms most users don’t know exist. The goal is not to list ten services. It is to tell you which of them actually work in your jurisdiction, and when automation is not enough.
What Consumer Reports actually found
In August 2024, Consumer Reports published Data Defense: Evaluating People-Search Site Removal Services — the first independent field test of the data removal industry. Researchers tracked 32 volunteers across seven services — Confidently, DeleteMe, EasyOptOuts, IDX, Kanary, Optery and ReputationDefender — priced from $19.99 to over $1,000 per year, attempting to remove their profiles from 13 widely-used people-search sites, with results measured at one week, one month, and four months.
The results were uncomfortable for the industry. Most services failed to get consumer data removed quickly or completely. Records reappeared weeks later. Many volunteers found manual opt-out — filling in the same forms themselves — more effective than the automated tools they had paid for.
The two best performers were EasyOptOuts, at 65 per cent success after four months and priced at $19.99 per year, and Optery, at 68 per cent success and priced between $39 and $249 per year depending on tier. DeleteMe, IDX, and Kanary landed in the mid-tier. Confidently and ReputationDefender performed worst.
The single most useful number in the study is the top figure: 68 per cent. Even the best-performing, screenshot-verified, human-assisted service failed to remove about one record in three. Automated data broker removal is a probabilistic tool, not a guarantee. A budget of $19.99 a year buys most of the value. Spending ten times that on a premium subscription does not proportionally improve results — and in the case of the worst performers, spending more bought less.
DeleteMe vs Incogni vs Optery and the rest: a comparison that refuses to repeat marketing claims
The comparison below puts DeleteMe vs Incogni vs Optery — along with every other service in the European data broker opt out category — side by side, with pricing fetched from each vendor’s own pricing page in April 2026, legal entities checked where possible, and CR 2024 results noted where the service was part of the study. Broker counts are deliberately omitted, because no independent body audits them.
| Service | HQ | Price (2026) | CR 2024 result | EU-specific feature | Verdict |
|---|---|---|---|---|---|
| EasyOptOuts | US | $19.99/yr | 65% (winner) | None | Best value for normal exposure |
| Optery Core | US | $39/yr | Same method as Ultimate | Free basic tier | Best budget tier |
| Optery Ultimate | US | $249/yr | 68% (winner) | Screenshot proof | Best verified automation |
| Incogni Standard | EU/US (Surfshark) | $95.88/yr | Not tested | EU data processing | Strong EU defaults |
| Incogni Unlimited | EU/US | $179.88/yr | Not tested | EU data processing | Adds custom removal coverage |
| CrabClear | DE (meetergo GmbH, HRB 96344) | €79 launch / €149 regular | Not tested | Frankfurt-only infrastructure | Best EU-native automation |
| DeleteMe | US | $129/yr / £115/yr UK | Mid-tier | Localised pages for 7 EU states | Best human-assisted |
| Privacy Bee Pro | US | $216/yr | Not tested | None disclosed | Enterprise-grade, US focus |
| Kanary Copilot | US | $120/yr | Not tested (Cloud was mid-tier) | None | Cloud closed to new users; not recommended for EU |
| Rightly | UK | Free | Not tested | UK GDPR bulk DSR | Best free UK option |
| Bitdefender DIP | Romania (EU) | ~$40 first year | Not tested | Guided, not active removal | Monitoring tool, not removal |
| The Eraser (PI Solutions) | Netherlands | €3,800 one-time | Not tested | Human-led, verified deletions | Professional engagement tier |
Every vendor on this list claims a different and mutually incompatible number for how many data brokers they cover. None of the numbers are independently audited. Use the CR 2024 results where available, and treat the rest as unverified.
Country by country
Netherlands
The best data broker opt out service in the Netherlands is a harder question than it looks. The Dutch market is structurally different from the United States. The data brokers that matter are not people-search sites but telecom CRMs, retail loyalty databases, media publishers’ ad-tech stacks, and Dutch-specific aggregators. None of the US-built commercial services target these. An Incogni or Optery subscription will remove your data from American people-search sites you probably never appeared on in the first place, while ignoring the domestic databases where your real exposure lives.
A community-maintained tool at apolloccrypt.github.io/nl-data-optout generates free GDPR Article 17 erasure requests targeted at over fifty Dutch data controllers, including telecoms, retailers, and ad-tech companies. It is not a removal service — it is a letter generator. For Dutch users whose exposure is mostly domestic, it is more useful than most paid subscriptions. Our own EU Data Broker Opt-Out List covers the cross-border brokers that operate across the EEA.
Escalation path for ignored requests: the Autoriteit Persoonsgegevens (AP), which has fined multiple Dutch companies for failing to honour the thirty-day response window under GDPR Article 12.
Germany
Germany inverts the problem for any data broker opt out service. Private individuals are not listed in Das Örtliche, Das Telefonbuch, or Gelbe Seiten unless they have actively opted in. If you never asked to be listed, you are not there to remove. The real targets for German users are people-search platforms like StayFriends and Yasni, which aggregate from public sources without consent.
The Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI) is one of the more active enforcers in Europe, and German users have jurisdictional advantages American users do not. A removal request citing German law, sent from a German address, to a German-held aggregator, is far harder to ignore than the same request sent from across an ocean.
Of the commercial services, CrabClear has the strongest German positioning — it is a real German GmbH registered at Amtsgericht Düsseldorf HRB 96344, operated by the team behind meetergo, with all processing infrastructure in Frankfurt. Incogni processes EU data on EU infrastructure and complies with Schrems II transfer requirements. Optery Ultimate is worth mentioning for one reason: its screenshot-based proof of removal is the single most practical feature when a broker disputes that a request was ever made.
France
The best data broker opt out service in France is often not a commercial service at all. France has a centralised mechanism most users don’t know exists: the liste rouge. It is free, operated by your telecoms provider, and deletes your entry from Pages Blanches and Pages Jaunes within forty-eight hours of registration. For users whose main French exposure is the white pages and the yellow pages, the liste rouge is the first and cheapest tool — and no commercial service offers it because no commercial service has a reason to recommend something free.
Business directories are a separate problem. Societe.com, Manageo, Edecideur, and similar corporate registries pull director information from official publications and republish it without consent, creating a shadow exposure for business owners and executives that survives most opt-out attempts. The CNIL has fined directory operators specifically for ignoring Article 17 requests, and its enforcement archive is a useful starting point for any escalation.
For commercial tools targeting the French market: DeleteMe has a dedicated French localisation, Incogni processes French data inside the EU, and Optery Ultimate’s screenshot proofs are the best defence in a dispute. None of them touch the centralised liste rouge. Do that step first, then cover residual exposure with automation.
Spain
Spain has almost no native data broker opt out service option. The dominant Spanish business-data brokers — Axesor (owned by Experian), eInforma, and Infocif — pull data from the Boletines Oficiales, the official state bulletins, which they argue gives them a lawful basis for publication without consent. They are real data controllers, they process personal data (director names, addresses, company affiliations), and they are subject to the GDPR plus Spain’s domestic LOPDGDD (Organic Law 3/2018).
No US-built removal service targets them. An Incogni or Optery subscription will not touch Axesor. To exercise your right to erasure against the Experian-owned Axesor database, you must send a signed request with a scanned identity document to bcatcliente@experian.com — an address that appears nowhere in the standard comparison tables. Our European data broker guide covers the GDPR legal basis in detail.
Escalation: the Agencia Española de Protección de Datos (AEPD), which has one of the highest enforcement action counts of any EU DPA. For Spanish users whose main exposure is Axesor, eInforma, or Infocif, no automated tool will solve the problem. Either send the requests manually, or engage a service that handles individual directories by hand.
United Kingdom
Data broker removal services for UK residents work differently from EU and US options. UK users have two free levers most commercial tools don’t use. First, 192.com — the dominant UK people-search site — publishes the Open Register, a version of the Electoral Roll anyone can buy. Opting out of the Open Register is free, takes one form to your local electoral registration officer via gov.uk, and removes you from 192.com within forty-eight hours. This single step handles most commonly indexed UK exposure.
Second, Rightly — a UK-based service at no cost to the user — lets you identify companies holding your data and issue GDPR deletion requests in bulk. It is genuinely free, UK-based, and designed to detox inboxes and mop up forgotten corporate accounts. It is not a data broker removal service in the automation-loop sense, but it solves the upstream problem: fewer companies holding your data means fewer leaks feeding the broker ecosystem.
For residual exposure after those two steps, DeleteMe has UK-localised pricing at £115 per year. The Information Commissioner’s Office (ICO) enforces both UK GDPR and the Data Protection Act 2018 — now amended by the Data (Use and Access) Act 2025, whose main provisions commenced on 5 February 2026. Our UK data broker rights guide covers the statutory framework, the Experian Upper Tribunal ruling, and the ICO escalation path in full. For the vast majority of UK users, the Open Register opt-out and Rightly together handle more exposure than any paid subscription.
If the services above don’t fit your threat model — multiple countries of exposure, a professional profile, or a case where a sixty-eight per cent success rate is not acceptable — a human-led removal engagement is a different product entirely, not a pricier version of the same thing.
Talk to an AnalystData broker removal vs manual opt-out: what the evidence says
Consumer Reports reached a conclusion most of the industry avoids: manual opt-out is often more effective than automated removal, if the user has the time. The reasons are structural. Automated services depend on scripts that can be defeated by a CAPTCHA, a redesigned form, or a broker that decides to ask for a scanned ID. A human can solve these. A script cannot.
The time cost is real. Independent estimates put the initial manual opt-out process at between thirty-three and fifty-two hours, plus ongoing quarterly maintenance. For most users, that is an unwinnable trade — time is the most constrained resource, and paying $19.99 a year to recover fifty hours of life is obvious value. The trade changes for specific users.
A senior executive whose name appears on a corporate acquisition announcement, a public figure facing targeted harassment, a researcher with an international footprint, or a family member of any of the above — these are threat models where a sixty-eight per cent success rate is not acceptable. Missing one record on a broker that feeds SEO-ranked aggregators means the exposure persists. For these users, the honest answer is not a better automated service. It is human-led removal with verification, performed by someone who treats each broker as a manual engagement rather than an API call.
Mine (MineAPP) is worth a separate mention as an adjacent tool. It is not a broker removal service — it is a DSR automation tool that identifies companies you have accounts with and batch-requests erasure directly from them. Using it alongside broker removal addresses both sides of the problem: brokers are re-supplied by source databases, and shrinking those sources reduces what automation has to chase.
Why automated services hit structural limits in Europe
The CR data is US-centric. In Europe the limitation is sharper, because the legal mechanism is different. GDPR Article 17 erasure requests frequently require what automated tools cannot supply: identity verification, notarised documentation, or a formal legal basis articulated in writing. The B2B aggregators and AdTech intermediaries that hold the most commercially valuable data on European residents are precisely the ones that demand this level of engagement. Most automated services skip these brokers entirely, or submit a generic request that goes unanswered.
There is a second structural problem the CR success rate does not capture. A submitted opt-out request is not a confirmed deletion. Brokers process requests on their own timelines — some within days, some within weeks, some not at all. A dashboard that shows “request sent” is telling the truth, but it is not telling the whole truth. “Request sent” and “record deleted” are different events, and most automated dashboards do not distinguish between them.
The third issue is upstream. Major aggregators — Acxiom, LexisNexis, Experian, and equivalent European data houses — license their records to hundreds of downstream people-search and marketing platforms. Removing a profile from Spokeo or one of its European equivalents while leaving the source record intact at the aggregator is structurally similar to clearing a search result while the source document remains published. Automated services vary significantly in whether they attempt aggregator-level removal at all, and most do not advertise the distinction.
Boutique and executive alternatives
For users whose threat model does not fit automation, a small number of European firms handle data removal as a manual, caseworker-led engagement:
- The Eraser (Privacy Insight Solutions, Netherlands) — human-led removal across hundreds of B2B and AdTech brokers, deep OSINT discovery, verified deletions with reports, from €3,800 one-time. Designed for executives, HNWIs, and users facing targeted exposure.
- Internet Erasure Ltd (UK) — UK-based Right to be Forgotten specialists, caseworker model, £1,500–£2,500 per engagement.
- Repuserve (UK) — GDPR-driven content removal and search suppression, bespoke packages from £1,450.
- EPP-Riskmanagement (Germany) — 360° privacy for HNWIs, combines digital footprint removal with physical security consulting.
These services charge more because they do more. Each is a manual engagement rather than a subscription, and each treats difficult brokers as a legal and procedural problem rather than an automation one. For users whose exposure justifies the investment, they are the defensible answer.
Services to avoid
Three services repeatedly appear in 2026 “best of” lists that should not:
- OneRep — structural trust problem (Krebs 2024, ongoing Nuwber ownership). Avoid regardless of marketing updates.
- ReputationDefender — Consumer Reports 2024 ranked it among the least effective services tested. Premium prices for below-average results.
- Confidently — same CR 2024 finding. Among the least effective.
There is no “best of” list worth following that still places any of these in its top recommendations. Use the CR 2024 report as the trust filter: if a 2026 comparison does not cite it, the author has not done the work.
When to use what
For the average European user with ordinary exposure, the honest recommendation is simple. Start with your country’s free mechanism — liste rouge in France, Open Register opt-out in the UK, the apolloccrypt tool for the Netherlands, a manual erasure request to Axesor for Spain. Then subscribe to EasyOptOuts at $19.99 per year to cover residual exposure. Total cost: under twenty dollars a year for most of the value.
For users whose exposure is heavier — multiple countries, professional profile, dependents — add Optery Ultimate for the screenshot verification, or CrabClear for EU-native processing, depending on your jurisdictional preference.
For users whose threat model does not fit automation — executives, HNWIs, public figures, anyone facing targeted harassment or corporate reputation risk — the honest answer is that automation is not the right tool. Human-led removal with verification is a different product, at a different price, and it is the only defensible choice when completeness matters more than unit economics. The Eraser is our own answer to that problem, built specifically for European residents operating under GDPR. To see what a professional engagement actually involves before committing, our article on what a European data broker removal engagement looks like walks through the process end to end.
The shortest possible honest summary: the industry does not live up to its marketing. Consumer Reports proved it. Spend twenty dollars if your exposure is normal. Spend several thousand if it isn’t. Do not spend several hundred. The middle of this market is the place where results are worst and costs are highest. For a full breakdown of how data brokers source and trade personal data, see our Data Broker Ecosystems hub.