Third-Party Data

Personal information collected by an entity with no direct relationship to the data subject, typically obtained by purchasing data sets, licensing information from data brokers, or receiving data through partnerships. Third-party data enables businesses to enrich customer profiles, target advertising to potential customers, and analyze market trends. Common sources include: data brokers aggregating public records, marketing platforms selling consumer segments, credit bureaus providing financial information, and social media platforms offering advertising audiences. Using third-party data raises heightened privacy concerns because data subjects often don't know who possesses their information or how it's being used. Organizations using third-party data should: conduct due diligence on data sources ensuring lawful collection, provide transparency about third-party data use in privacy policies, implement appropriate legal bases for processing, honor opt-out requests even for third-party sourced data, and maintain records of third-party data sources. GDPR Article 14 requires informing individuals when processing data not collected from them, including the data source categories.