No UK data broker register or deletion mechanism
No one, including government, can enumerate who holds and trades UK residents' personal data. There is no registration obligation for data brokers (contrast California's registry and Delete Act); DSIT's call for evidence on data brokers and national security acknowledged the blind spot. ICO enforcement is rare and fragile: its 2020 Experian enforcement notice on offline data broking was largely overturned on appeal. Consumers have no practical way to discover or delete broker-held profiles; ORG's campaigns are ad hoc.
Broker data feeds scams, discriminatory pricing, and, per DSIT's own framing, hostile-state targeting. Individual rights are unusable against entities you cannot name; a register converts an invisible market into a governable one.
Statutory data broker registration administered by the Information Commission, with a one-stop deletion mechanism (California Delete Act model); interim: a funded independent observatory mapping the UK broker market.
// Build now: First artefact: independent UK data-broker observatory (fill's named interim); statutory register is the state-led end-state.
Nobody can even enumerate UK data brokers feeding scams and hostile-state targeting; California's registry-and-deletion model is copyable and the market is unowned, with DSIT interest but no closing date.