Under the Texas Data Broker Act, a “data broker” is generally defined as a business that collects, processes, or transfers personal data about consumers with whom the business does not have a direct relationship.
The definition focuses on two core elements:
-
No direct relationship with the consumer, and
-
Commercial handling or transfer of personal data obtained from other sources.
A “direct relationship” typically means the consumer intentionally interacts with the business — such as by purchasing goods or services, creating an account, signing up for communications, or otherwise knowingly engaging with the company.
Organizations that acquire personal data from third-party sources and then sell, license, enrich, analyze, or otherwise make that data available to others may fall within the scope of Texas’s definition.
Because Texas’s statutory language differs from California, Oregon, and Vermont, businesses should conduct and document a Texas-specific applicability analysis rather than assuming that compliance determinations from other states automatically apply.
For implementation guidance, governance documentation templates, and audit-readiness support, visit the CLIClaw Data Broker Compliance Library.
This FAQ is provided for general informational purposes only and is not legal advice. It is intended as a starting point for understanding the issues discussed and should not be relied on as a substitute for advice from qualified legal counsel.