Data Brokers & Free Speech: What's Legal?

Here's the thing: data brokers are increasingly hiding behind the First Amendment to justify publishing your home address, phone number, and family details online. And in some cases, they're actually winning that argument in court.

It sounds absurd. How can reselling your personal information—often to scammers, stalkers, and identity thieves—count as protected speech? Yet this data broker first amendment defense has become one of the most powerful legal shields preventing you from controlling your own information. Let's break down exactly how this works, why courts are split on the issue, and what you can actually do about it.

The Constitutional Collision: Privacy Rights vs. Free Speech

The First Amendment protects freedom of speech and press. Courts have consistently ruled this includes the right to publish truthful information, even when that information is embarrassing, sensitive, or harmful to individuals. The landmark case *Florida Star v. B.J.F.* (1989) established that the government generally can't punish the publication of lawfully obtained truthful information.

Data brokers have latched onto this precedent. Their argument goes like this: we collect information from public records and other legal sources, aggregate it, and publish or sell it. That's journalism. That's publishing. That's speech.

And here's the uncomfortable truth—they're not entirely wrong.

The first amendment data broker defense isn't just some fringe legal theory cooked up by desperate lawyers. It's actually one of the nine explicit exemptions built into the California Consumer Privacy Act (CCPA). Section 1798.145(a) exempts information processing "solely for the purpose of activities such as journalism" or "other forms of public or peer-reviewed scientific, historical, or statistical research in the public interest."

California specifically carved out this exemption because legislators recognized the constitutional minefield they were walking into. You can't write a privacy law that effectively censors the press or prevents academic research. But data brokers have driven a truck through that carve-out, arguing that compiling and selling your data is essentially the same thing.

Who Gets First Amendment Protection and What Data Qualifies

Not every data broker can successfully claim free speech protection. Courts look at several factors when deciding whether publishing personal data is free speech or just commerce.

The "Public Concern" Test

Information must relate to matters of public interest or concern. Publishing voter registration data about elected officials? Probably protected. Publishing the same data about private citizens to enable targeted marketing? Much harder to defend.

In *Sorrell v. IMS Health Inc.* (2011), the Supreme Court ruled that Vermont couldn't ban the sale of prescriber-identifying information to pharmaceutical marketers without violating the First Amendment. The court treated data sales as protected speech. But Justice Breyer's dissent warned this could "radically change the way we interpret the First Amendment." He was right to worry.

The "Newsworthiness" Shield

Traditional media outlets get the strongest First Amendment protection. If the *New York Times* publishes your name in a story, you generally can't sue them for invasion of privacy unless they acted with actual malice or the information was false.

Data brokers try to wrap themselves in this same protection. Whitepages argues its people search directory is essentially a digital phone book—a reference publication with First Amendment coverage. Spokeo has claimed its data compilations constitute "speech about another" which receives constitutional protection.

The Commercial Speech Distinction

Here's where the argument gets shakier. Commercial speech receives First Amendment protection, but it's a lower tier. The government can regulate commercial speech if it has a substantial interest and the regulation directly advances that interest.

Courts have increasingly recognized that privacy is a substantial governmental interest. The question becomes: is compiling and selling personal data purely commercial activity, or does it have enough informational value to warrant full First Amendment protection?

Based on our removal data across 1,500+ data brokers, we've seen this play out in fascinating ways. Brokers who position themselves as "information services" and maintain some veneer of journalistic purpose tend to push back harder on removal requests, citing free speech. Pure lead generation sites that openly sell to marketers are more likely to comply with deletion demands—they know their First Amendment defense is weaker.

How Data Brokers Actually Deploy This Defense

Let's get tactical. When you submit a removal request, here's how the free speech defense typically appears:

Step 1: The "Publicly Available" Exemption

This is the #1 loophole data brokers exploit, and it's directly connected to First Amendment arguments. State privacy laws—including CCPA and most new state laws—explicitly exempt "publicly available information."

The definition matters enormously. In California, "publicly available information" means records that are lawfully made available from federal, state, or local government records. That includes:

• Voter registration records (name, address, party affiliation)
• Property deeds and tax assessments
• Court filings and judgments
• Professional licenses
• Marriage certificates and divorce records

The FTC confirmed in multiple enforcement actions that no federal law prevents companies from republishing publicly available information online. Data brokers argue that compiling public records and making them searchable is core First Amendment activity—exactly what journalists and researchers do.

This is why you can successfully remove your profile from some data brokers but still find your information on others. Those holdouts aren't necessarily violating the law. They're claiming—sometimes successfully—that republishing public records is protected speech.

Step 2: The "Legitimate Journalistic Purpose" Claim

Some brokers take it further. They argue they're not just republishing data—they're adding value through analysis, contextualization, or verification. This supposedly transforms raw data into editorial content.

TruthFinder, for example, positions itself as a "background check service" but frames its reports as informational content for consumers making important decisions. When California attempted to enforce CCPA deletion rights, TruthFinder's parent company initially resisted, arguing their compilations constituted protected speech about public figures and matters of public concern.

They eventually complied with California law, but only after the state made clear that commercial background check services don't get blanket First Amendment exemptions. That distinction matters.

Step 3: Identity Verification as a Speech Filter

Here's a sneaky one. Some brokers require extensive identity verification before processing removals—government-issued ID, proof of address, sometimes even notarized documents.

LexisNexis is notorious for this. Their consumer portal requires you to submit identification that would make TSA jealous. When you can't verify your identity to their satisfaction, they simply refuse the request.

Under CCPA, if a broker cannot verify your identity, they must treat your request as an opt-out of sale rather than a deletion. But many brokers don't comply with this requirement. They just deny the request entirely, citing the need to protect "speech" from fraudulent deletion attempts.

It's a convenient shield. They can claim they're protecting the integrity of their "publication" from false takedown demands—a legitimate First Amendment concern in defamation cases—while effectively blocking most removal requests.

The Legal Landscape: Where Courts Have Drawn Lines

The privacy vs free speech battle has produced a patchwork of rulings that don't give either side a clear victory.

Wins for Privacy

*Sorrell v. IMS Health* wasn't actually a loss for privacy advocates, despite how data brokers cite it. The Supreme Court applied heightened scrutiny to Vermont's law because it specifically targeted the content and speaker. The decision left room for content-neutral privacy regulations.

More recently, state attorneys general have successfully enforced deletion rights against data brokers who claimed First Amendment protection. In 2024, California's Attorney General secured a settlement with several people search sites that had been citing free speech to deny CCPA requests. The settlement made clear: if you're operating as a commercial data broker, not a news organization, you don't get journalistic exemptions.

The Ninth Circuit's ruling in *hiQ Labs v. LinkedIn* (2022) also cut against broad data broker claims. The court held that even publicly accessible information can be protected by privacy laws when scraped and repurposed for commercial use. LinkedIn's terms of service restrictions survived First Amendment challenge.

Wins for Data Brokers

But brokers have notched victories too. Several state courts have found that data broker registrations and compliance requirements impose unconstitutional burdens on speech, particularly when they require detailed reporting about what data is collected and how it's used.

In Vermont, data brokers successfully challenged portions of the state's registration law that required disclosure of specific data practices, arguing this compelled speech in violation of the First Amendment. The state amended the law to address these concerns, but the core precedent remains: you can't force brokers to describe their data practices in ways that might expose business strategies.

The "Public Records" Safe Harbor

Courts have consistently held that republishing information from government records receives strong First Amendment protection. In *Los Angeles Police Department v. United Reporting Publishing Corp.* (1999), the Supreme Court upheld California's right to limit access to arrestee addresses but emphasized that once information is publicly available, the state can't prohibit its republication.

This is the bedrock of the data broker free speech argument, and it's arguably their strongest position. If a county clerk publishes your property deed online, and Whitepages indexes it, courts are extremely reluctant to call that indexing a privacy violation.

Common Pitfalls When Challenging Data Broker Free Speech Claims

When you're trying to remove your information and a broker cites First Amendment protections, here are the mistakes that will tank your efforts:

Threatening legal action based on privacy alone. If the data came from public records and is accurate, you probably don't have a privacy tort claim. Invasion of privacy requires either false light, public disclosure of private facts (with "private" doing heavy lifting), intrusion, or appropriation. Public information generally doesn't qualify.

Confusing "right to be forgotten" with U.S. law. The European GDPR includes a right to erasure that sometimes trumps publication rights. U.S. law doesn't work that way. We have no federal "right to be forgotten." State privacy laws grant deletion rights but with significant exemptions—including the free speech carve-outs we're discussing.

Assuming all data brokers are the same. Our analysis of removal requests across 1,500+ brokers shows dramatic variation in how they respond to First Amendment arguments. Pure people search sites (Spokeo, BeenVerified, Intelius) tend to comply with state law deletion requests because they're clearly commercial. Data aggregators who sell to other businesses (Acxiom, Oracle) push back harder, claiming their databases constitute protected commercial speech. Credit reporting agencies (Experian, TransUnion) are federally regulated and exempt from most state privacy laws entirely.

Failing to distinguish between data sources. If a broker compiled your information from public records, their First Amendment argument is strongest. If they purchased it from your loyalty card program or scraped it from a data breach dump, they have no free speech defense. Always ask brokers to identify their source.

Not using state-specific rights correctly. California's CCPA, Virginia's CDPA, and other state laws have different exemption language. California's "publicly available information" exemption is narrower than Virginia's. If you're in a state with strong privacy law, cite the specific statute and its definitions. Generic "delete my data" requests are easier to deny.

Templates and Strategic Approaches

Here's how to actually fight back when brokers claim free speech protections:

Template 1: Challenging the "Public Records" Defense

If a broker claims your data came from public records, demand specificity:

*"You've stated that my information is publicly available and exempt from deletion. Please provide: (1) the specific government agency and record type from which my information was obtained; (2) the date you accessed this record; (3) confirmation that you have verified the information remains publicly available; and (4) clarification on whether any non-public data elements have been added to this profile. Under [Your State] law, only information currently available from government records qualifies for this exemption. Aggregated or inferred data does not."*

This forces them to either prove the exemption applies or back down.

Template 2: Separating Commercial from Editorial Content

For brokers claiming journalistic purpose:

*"Your service appears to be primarily commercial in nature, offering paid background checks and data sales to third parties. Please clarify what editorial or journalistic standards you apply to the information you publish about me, and identify the public interest or newsworthy purpose that justifies maintaining my profile without consent. If your purpose is commercial rather than journalistic, the First Amendment exemption in [statute] does not apply."*

This puts them in a bind. If they admit commercial purpose, they lose the free speech defense. If they claim journalistic purpose, they might trigger other regulations.

Template 3: Challenging Verification Barriers

When brokers demand excessive verification:

*"I'm willing to verify my identity through reasonable means as required by [state privacy law]. However, your current requirements appear designed to obstruct rather than verify. Under [statute], if you cannot verify my identity using commercially reasonable efforts, you must treat this as an opt-out of sale request and cease making my information available to third parties. Please confirm you will honor this requirement or specify what additional verification you need and why."*

State privacy laws generally require "reasonable" verification. Demanding notarized documents for a people search profile is not reasonable.

Why Technology Alone Won't Solve This

Here's the hard truth: the "publicly available" exemption is the loophole that tech solutions can't fully close. If your local county clerk publishes property records online, and data brokers re-scrape them every few months, you're fighting a perpetual battle.

This is exactly what we see in our removal monitoring data. We successfully remove profiles from hundreds of brokers, but re-listing happens because new "publicly available" data becomes accessible. Voter registration updates, property refinances, business license renewals—each one potentially triggers a new profile.

That's why continuous monitoring isn't optional. It's the only way to catch re-listings before they propagate across the broker ecosystem. We monitor 1,500+ brokers precisely because information flows between them. A re-listing on one site often leads to re-listings on a dozen others within weeks.

The March sale running through March 31st makes this particularly timely—the cost of continuous monitoring for a year ($89.91 for Pro, $202.46 for Enterprise after the 25% discount) is a fraction of what you'd spend on identity theft recovery or even a few hours of your own time submitting manual removal requests. When you're dealing with legal loopholes this persistent, automation isn't a luxury.

When Professional Legal Help Becomes Necessary

Most data broker removal issues can be resolved without lawyers. But there are situations where the First Amendment defense signals you need professional help:

You're a public figure or professional. If you hold public office, have a professional license, or are involved in public controversies, brokers have much stronger First Amendment arguments for publishing information about you. An attorney can help identify what's genuinely protected versus what crosses into commercial exploitation.

Your safety is at risk. If you're a domestic violence survivor, witness, or law enforcement officer, and a broker is refusing removal citing free speech, attorneys can invoke specific statutory protections that override First Amendment defenses. California's address confidentiality program, for example, creates obligations that supersede free speech claims.

A broker is publishing false information. The First Amendment doesn't protect false statements of fact. If a data broker has inaccurate information about you and won't correct it, you might have claims for defamation or violations of the Fair Credit Reporting Act (if the false information affects credit, employment, or housing). Consult a consumer protection attorney.

You're facing targeted harassment enabled by data brokers. If someone is using data broker information to stalk, harass, or threaten you, and the broker won't remove your listing, you may have claims under cyberstalking laws, harassment statutes, or tort law. Document everything and consult both a privacy attorney and law enforcement.

A broker is operating in your state but refusing to comply with state law. If you're in California, Virginia, Colorado, Connecticut, or another state with comprehensive privacy law, and a broker is flatly denying your rights while claiming First Amendment protection, file a complaint with your state attorney general. For high-stakes situations, a demand letter from an attorney often produces faster results than consumer complaints alone.

What's Actually Changing in 2026

California's Delete Request Online Portal (DROP) launches in August 2026, and it's going to force a reckoning on these First Amendment defenses. DROP will be a single portal where California residents can submit deletion requests that automatically flow to all registered data brokers in the state.

Here's what makes DROP different: brokers must check the portal every 45 days and process requests. If they don't, it's $200 per day per violation. More importantly, they can't hide behind "we didn't receive your request" or "you didn't verify properly." The state is standardizing the process.

But—and this is critical—DROP won't eliminate the First Amendment exemption. Brokers will still be able to deny requests for "publicly available information." What DROP will do is create a clear record of denials, making it much easier for the Attorney General to identify brokers abusing the exemption.

We're already preparing for this shift. Our monitoring systems will integrate with DROP to ensure requests submitted through our service also get logged in the state portal, creating redundant accountability.

The Real Solution Requires Legislative Action

Courts aren't going to resolve the data broker first amendment defense debate in ways that give individuals meaningful control. Constitutional law moves slowly, and the Supreme Court has shown little appetite for limiting commercial speech rights.

The answer has to be legislative. Specifically, states need to:

Narrow the "publicly available" definition. Not all government records should be republishable without restriction. Information collected for specific government purposes (voter registration for election administration, property records for title insurance) shouldn't automatically become fair game for unlimited commercial exploitation.

Create affirmative consent requirements for commercial data sales. Even if brokers have a First Amendment right to publish, they don't have a constitutional right to sell. States can