Back to all articles
Privacy

The Location Data Economy: What Brokers Know and How to Stop Them

CloakLoc TeamMay 14, 20269 min read
The Location Data Economy: What Brokers Know and How to Stop Them

Right now, while you read this, companies you have never interacted with are buying and selling records of where you have been. Not general regions — specific addresses, specific timestamps, specific dwell times. The precision is measured in meters. The history stretches back years. The scale is staggering: estimates put the location data brokerage market at over $12 billion annually.

How the Data Gets Collected

The primary collection mechanism is the mobile app SDK. When a developer integrates an advertising or analytics SDK into their app — to monetize with ads, to track app analytics, to enable push notifications — they are typically also agreeing to allow that SDK provider to collect location data from their users. The SDK sits inside the app and has access to whatever permissions the app has been granted. If users granted the app "always on" location access, the SDK collects location continuously.

The same user's data flows from the weather app, the parking app, the local news app, and the game they installed last week — all into the same broker's warehouse, all linked to the same persistent device identifier.

Who Buys It

  • Retail chains analyzing foot traffic to competitor stores
  • Hedge funds tracking vehicle counts at factory parking lots to predict earnings
  • Political campaigns identifying voters who attended rival events
  • Insurance companies modeling risk based on where you drive and park
  • Real estate firms analyzing neighborhood visitation patterns
  • Health data brokers identifying users who visited medical facilities

What You Can Realistically Do

Opt-out requests submitted to individual brokers are legally required to be honored in California (CCPA) and several other states, but enforcement is weak and the data already sold does not get recalled. The realistic interventions are upstream: synthetic location injection so the data collected is fiction, systematic revocation of location permissions, and use of advertising ID reset tools to break the persistent identifier brokers rely on.

There is no "delete my data" button that reaches all 300+ location data brokers simultaneously. The only durable protection is making the data they collect worthless by making it false.