European Data Broker Opt-Out List & Removal Guide (GDPR, 2026)
75 European data brokers (EU & UK) — AdTech vendors and data intermediaries — with verified opt-out links, per-tier removal steps, and a copy-paste GDPR removal-request template
EU residents have legally enforceable deletion rights under GDPR Article 17. This directory covers the brokers most likely to hold your data in Europe — with direct links to their privacy portals. For how these brokers’ records get combined into a profile without being stored as one, see how data clean rooms work.
Your Legal Rights Under GDPR
Unlike the opt-out model common in the United States, the European framework treats personal data processing as prohibited by default unless a lawful basis is established under Article 6. For data brokers relying on “legitimate interests,” that basis faces increasing scrutiny from national DPAs as individual rights requests accelerate.
Article 17 — Right to Erasure
Demand deletion without undue delay. Brokers must respond within 30 days and notify any third parties they have shared your data with.
Article 15 — Right of Access
Request a copy of all data held about you, including the original source and all recipients it has been shared with.
Article 21 — Right to Object
Object to processing based on legitimate interests. The broker must stop unless it can demonstrate compelling grounds that override your interests.
Article 7(3) — Withdraw Consent
If consent was the legal basis (common in AdTech), you can withdraw it at any time through the same consent mechanism or by direct request.
If a broker fails to respond within 30 days or refuses a valid request, escalate to your national DPA: the AP (Netherlands), CNIL (France), BfDI (Germany), ICO (UK). DPA complaints are free to file and carry real enforcement consequences — GDPR fines in 2024 exceeded €1.5 billion across Europe.
Before You Start
Deletion versus suppression
Deletion removes your record from the broker’s active database. Suppression retains the data internally but flags it so it cannot be used, sold, or displayed. For ongoing protection, suppression is often more effective: a suppressed identifier prevents re-scraped data from resurfacing in future. Where a broker offers both options, request deletion and suppression.
Use a dedicated email address
Create a separate email address for opt-out requests. Using your primary address hands the broker a confirmed, live contact point — the opposite of what you want. A masked alias (via SimpleLogin, Apple Hide My Email, or a disposable service) is preferable.
Track your submissions
Keep a spreadsheet: broker name, date submitted, confirmation code, and the 30-day deadline. If you receive no response by the deadline, escalate directly to the relevant DPA rather than chasing the broker a second time.
For US-based people-search aggregators (Spokeo, BeenVerified, Whitepages, and similar), see the US Data Broker Opt-Out List — 104 brokers across eight tiers — or follow the step-by-step US Data Broker Opt-Out Guide.
GDPR Data Removal Request: Email Template
Brokers respond faster to a request that names the legal basis and the statutory deadline than to an informal one. Copy the Article 17 erasure request below, replace the bracketed fields, and send it to each broker’s privacy or Data Protection Officer address from the directory. Keep a copy of every email — it becomes your evidence if you later escalate to a DPA.
Subject: Request for Erasure of Personal Data — Article 17 GDPR

To the Data Protection Officer,

I am a resident of [COUNTRY] and a data subject under the General Data Protection Regulation. Under Article 17 GDPR, I request the erasure of all personal data your organisation holds about me, including any data acquired or inferred from third-party sources.

Identifying details (for matching purposes only):
Full name: [FULL NAME]
Email address: [EMAIL]
Other identifiers: [ADDRESS / PHONE / DATE OF BIRTH, if applicable]

Under Article 19 GDPR, I also request that you notify any recipients to whom my data has been disclosed of this erasure. Where deletion is not technically possible, I request suppression so the data cannot be processed, sold, or displayed.

Please confirm completion within one month, as required by Article 12(3) GDPR. If I receive no response by that deadline, I will lodge a complaint with [NATIONAL DPA — e.g. AP, CNIL, BfDI, ICO].

Yours faithfully,
[FULL NAME]
[DATE]
Send from a dedicated alias rather than your primary address, so the request does not confirm a live, primary contact point. If you would rather have the full record built from your own exposure and the requests submitted for you, see the Presence Reduction Brief or The Eraser.
Manual vs Automated Removal: Why US-Built Services Have Limited EU Reach
Subscription removal services like DeleteMe, Incogni, Privacy Bee, and Kanary are automated by design — their value proposition is volume. They submit opt-out requests across a fixed catalogue of roughly 600 mostly-US people-search aggregators (Spokeo, BeenVerified, Whitepages, Intelius, and similar). The automation works because the US market shares three structural features: standardised consumer opt-out portals shaped by CCPA, a consistent target list of consumer-facing aggregators, and high-volume same-shape requests that scale.
The EU market shares none of those features. Consumer-facing people-search platforms are scarce — the cultural appetite that drives US aggregators is weaker outside the United States. The broker landscape is heterogeneous: AdTech vendors operating under the IAB TCF, B2B intelligence firms (Bureau van Dijk, Dun & Bradstreet Europe), DGA-registered data intermediaries, and credit and identity bureaux. Each requires a different request shape. AdTech withdrawal goes through the consent management platform that originally collected consent. B2B intelligence often requires an Article 15 access request first to surface the record. Some brokers respond only to letters posted to a specific DPO address. Automated submission cannot map across these without breaking.
Manual GDPR opt-out is the EU equivalent of what those services do in the US — and it carries a stronger legal lever. Article 17 imposes a 30-day response deadline. Non-response can be escalated to a national DPA (AP, CNIL, BfDI, ICO, and others), which carries real enforcement consequences. The directory below covers 75 EU brokers most likely to hold your data, grouped by sector — submit Article 17 requests directly, escalate non-response to your national DPA, and track each submission against the 30-day deadline.
1 — Marketing & AdTech Brokers
2 — Financial, Credit & B2B Intelligence Brokers
| # | Broker | Jurisdiction | Privacy / Opt-Out |
|---|---|---|---|
| 41 | Acxiom | Global / EU | acxiom.com/optout |
| 42 | LexisNexis | Global / EU | lexisnexis.com/global/privacy |
| 43 | Experian (Business) | UK / Global | experian.co.uk/opt-out-options |
| 44 | Experian (Consumer) | UK / Global | experian.co.uk/consumer-portal |
| 45 | Equifax | Global / EU | equifax.co.uk/privacy-hub |
| 46 | TransUnion | Global / EU | transunion.co.uk/privacy-centre |
| 47 | Cognism | UK / Germany | cognism.com/en/privacy-policy |
| 48 | Dealfront | Germany | leadfeeder.com/privacy/privacy-notice |
| 49 | Dun & Bradstreet | Global / EU | dnb.com/data-transparency |
| 50 | ZoomInfo | Global / EU | zoominfo.com/trust-center/your-privacy |
| 51 | Lusha | Global / EU | lusha.com/privacy-center/request-removal |
| 52 | Apollo.io | Global / EU | apollo.io/privacy-center |
| 53 | RocketReach | Global / EU | rocketreach.co/privacy |
| 54 | Seawave Media | UK | privacy@seawavemedia.com |
| 55 | Datajoy | Belgium | privacy@datajoy.eu |
| 56 | Selectabase | UK | admin@selectabase.co.uk |
| 57 | Data Bubble | UK | databubble.co.uk |
| 58 | Data HQ | UK | datahq.co.uk |
3 — EU Data Intermediaries (Not Data Brokers)
| # | Organisation | Member State | Privacy / Contact |
|---|---|---|---|
| 59 | Athumi | Belgium | athumi.be/en · privacy@athumi.eu |
| 60 | Publiq | Belgium | publiq.studio/privacy-policy |
| 61 | Dataspace Europe OY | Finland | dspace.com/privacypolicy |
| 62 | ADH | France | data-intermediation.eu/privacy |
| 63 | Hub One DataTrust | France | hubone-datatrust.fr/privacy |
| 64 | M-ITRUST | France | mitrust.eu/privacy-policy |
| 65 | VISIONS | France | visionsfrance.fr/privacy-policy |
| 66 | EkologgIA | France | EC notification (EkologgIA) |
| 67 | NOTO | France | EC notification (NOTO) |
| 68 | THEMIS-X | France | EC notification (THEMIS-X) |
| 69 | DID | Austria | EC notification (DID) |
| 70 | NIDHAS | Hungary | EC notification (NIDHAS) |
| 71 | Datakeeper B.V. | Netherlands | EC notification (Datakeeper) |
| 72 | Dexes | Netherlands | EC notification (Dexes) |
| 73 | Fairsfair.io | Netherlands | EC notification (Fairsfair) |
| 74 | iGrant.io | Sweden | EC notification (iGrant) |
| 75 | Smarter Contracts | Finland | EC notification (Smarter Contracts) |
Full register: European Commission DGA Data Intermediation Services Registry
Obstruction Tactics to Know About
/privacy, /opt-out, or /gdpr to their domain directly.
Known non-functional portals (May 2026)
- Mozilla Data Removal: Mozilla has exited the data removal industry. All previous removal links are inactive — do not use.
- Findem: The privacy policy page remains indexed by search engines but the opt-out form submit button is non-responsive. Contact their DPO by email directly instead.
Not sure whether to do this yourself? Before investing time in manual opt-outs, it’s worth understanding what automated removal services like Incogni and DeleteMe actually cover in Europe — and where they fall short. Our comparison of data broker removal services covers pricing, coverage gaps, and when manual engagement produces a different outcome.
Frequently asked: GDPR data broker removal
Is opting out of data brokers free under GDPR?
Yes. Exercising your rights of access (Article 15) and erasure (Article 17) is free of charge. A data broker cannot levy a fee for a standard removal request; under Article 12(5) it may only refuse or charge where a request is manifestly unfounded or excessive, which a single individual's erasure request is not. If a broker asks you to pay to be removed, treat that as a sign the request is being obstructed.
How long does a data broker have to delete my data?
Under Article 12(3), a controller must respond to an erasure request without undue delay and within one month of receipt. That period can be extended by a further two months for complex or numerous requests, but the broker must tell you within the first month and explain why. If the deadline passes with no response, you can complain to your national data protection authority.
Do GDPR rights apply to data brokers based outside the EU?
Yes, where they process the personal data of people in the EU. Article 3 gives the GDPR extraterritorial reach, so a US-based broker holding records on EU residents is bound by the same access and erasure obligations. In practice, US-built automated removal services cover the US broker landscape far better than the European one, which is why manual, GDPR-grounded requests reach the EU and UK brokers those tools miss.
Why does my data reappear after I opt out?
People-search and marketing brokers continually re-acquire records from upstream public sources — registries, electoral and property data, social platforms, and each other. An opt-out stops the current display but does not prevent the next refresh from re-listing you. This is why manual opt-outs generally need repeating every three to six months, and why a one-off removal is rarely permanent.
What if a broker's opt-out form is blocked or won't load?
Two obstruction patterns are common. Some brokers no-index their opt-out pages so they do not appear in search — try appending /privacy, /opt-out or /gdpr to the broker's domain directly. Others geoblock EU IP addresses and return 403 errors; you can reach the form through a non-EU VPN, but still cite Article 17 and state your country of residence in the request. A small number of portals are simply non-functional, in which case email the broker's data protection officer directly.
Need it handled for you?
Manual GDPR opt-outs must be repeated every 3–6 months as brokers re-acquire data from public sources. The Eraser covers the broker and people-search platforms that hold your records — with full documentation of each removal, a 90-day re-scrub guarantee, and a final confirmation report for your records.