Data Broker Audit: MyLife.com and the Minnesota Consumer Data Privacy Act

Investigation Published: Sep 25, 2025

TL;DR: I used Minnesota's Consumer Data Privacy Act (MNCDPA) to force MyLife.com to remove my profile. The unexpected discovery: this triggered a cascade effect across multiple data brokers who share the same data pools, demonstrating how targeting strategic brokers can amplify privacy wins across the surveillance economy.

Why I Targeted MyLife.com

MyLife.com is one of the most aggressive "background check" sites in the data broker ecosystem. Unlike passive aggregators, they actively promote profiles with sensationalized "reputation scores" and push premium subscriptions to view supposedly damaging information about individuals.

What Made MyLife a Priority Target

High visibility: Profiles rank prominently in Google search results for names
Manipulative tactics: Uses fear-based marketing about "what people are saying about you"
Data depth: Aggregates information from multiple sources including social media, court records, and other brokers
Revenue model: Monetizes personal information through subscription-based "background reports"

The MNCDPA Approach

The Minnesota Consumer Data Privacy Act (MNCDPA) grants residents specific rights regarding their personal data, including the right to deletion. Unlike voluntary opt-out processes, MNCDPA creates legal obligations with enforcement mechanisms.

📧 Initial Request (Day 1)

Sent formal deletion request citing MNCDPA Section 325O.05, specifically requesting:

Complete removal of personal profile and associated data
Confirmation of deletion within 45 days as required by law
Details about data sources and any third-party sharing arrangements

🔄 Follow-up (Day 15)

MyLife attempted to redirect me to their standard opt-out form. I responded with:

Citation of specific MNCDPA legal requirements
Reference to potential penalties under Minnesota law
Request for compliance officer contact information

✅ Resolution (Day 28)

Received confirmation of profile deletion along with:

Acknowledgment of MNCDPA compliance
Statement that data would not be re-collected from public sources
Contact information for future privacy requests

The Cascade Effect Discovery

Within 60 days of the MyLife deletion, I noticed something unexpected: profiles on several other data broker sites had also disappeared or become significantly reduced. This revealed the interconnected nature of the data broker ecosystem.

Secondary Deletions Observed

Spokeo: Profile completely removed
BeenVerified: Limited information remaining, no contact details
TruthFinder: "Profile not found" when previously discoverable
Intelius: Reduced to basic name/age only

Key Insight: Data brokers share and cross-reference information more extensively than most people realize. When a major broker like MyLife removes data, it can create gaps in the data ecosystem that propagate to other services, especially those that rely on the same upstream data providers.

Technical Analysis: Why the Cascade Worked

The cascade effect appears to stem from several factors in how data brokers operate:

Shared Data Sourcing

Many brokers purchase data from the same upstream aggregators. When MyLife removed my profile, they likely notified or updated shared databases, creating a ripple effect.

Cross-Verification Systems

Brokers often cross-reference information across multiple sources for accuracy. Missing data from a major source like MyLife can trigger automated confidence thresholds that result in profile suppression.

Legal Risk Mitigation

Some brokers may proactively remove profiles when they detect deletion requests at partner sites, viewing it as a signal of privacy-conscious individuals likely to pursue legal action.

Lessons for Strategic Data Broker Auditing

Target High-Impact Brokers First

Focus efforts on brokers that are likely "upstream" in the data ecosystem or serve as major aggregation points. Success here amplifies across the network.

Use Legal Rights, Not Just Opt-Outs

Privacy laws like MNCDPA, CCPA, and GDPR create enforceable obligations. Brokers take these requests more seriously than voluntary opt-out forms.

Monitor for Cascade Effects

After successful deletions, monitor other brokers for 60-90 days. Document any secondary deletions to understand the interconnections in your specific data ecosystem.

Treat as Ongoing Hygiene

Data broker auditing isn't a one-time activity. I now check quarterly and immediately address any new profiles that appear.

Practical Implementation Guide

Step 1: Initial Assessment

Search your name on major search engines
Use tools like Have I Been Pwned and DeleteMe's free scan
Check major brokers: MyLife, Spokeo, BeenVerified, TruthFinder, Intelius

Step 2: Legal Research

Determine which privacy laws apply to your location
Download official request templates if available
Research specific broker contact information and compliance procedures

Step 3: Strategic Targeting

Start with the most comprehensive profiles (likely upstream aggregators)
Use legal deletion rights rather than opt-out forms
Document all communications for potential enforcement needs

Step 4: Monitor and Maintain

Track deletion confirmations and any cascade effects
Set quarterly reminders to check for new profiles
Consider using automated monitoring services for ongoing surveillance

Resources and Next Steps

Important Note: This case study reflects my personal experience and should not be construed as legal advice. Privacy laws vary by jurisdiction, and data broker practices evolve constantly. Consider consulting with privacy professionals for complex situations or high-risk profiles.