Opt-Out Is Not Consent.

While the industry argued about ATS auto-rejection, the real privacy scandal was assembling itself upstream.

May 19, 2026 | 11 min read | AI Sourcing, Candidate Privacy, GDPR

For the last eighteen months the recruitment AI conversation has been dominated by ATS auto-rejection: Workday, Eightfold, the lawsuits, the trust collapse. All of it real, all of it worth arguing about, and all of it a distraction from a quieter category of recruitment tooling that has, almost unwatched, built hidden databases of named individuals at unimaginable scale. One platform alone, Juicebox/PeopleGPT, advertises 800 million profiles. None of those 800 million people opted in. Most have never heard of the product. Most have never been told they can be ranked by it, scored against a brief, sorted into shortlists, and cold-messaged by recruiters at a recruiter's whim. They cannot withdraw a consent they never gave. They can, in principle, opt out. In practice the opt-out is a five-step process behind a footer link they will never click on a website they will never visit. This is the recruitment privacy scandal hiding in plain sight, and its implications run a long way past hiring.

What This Category Actually Is

This is not a story about a handful of bad actors. It is a story about an entire product category, openly venture-funded, openly sold by the seat to professional recruiters who renew their annual subscriptions without a second thought. The names sound anodyne — Juicebox/PeopleGPT, HireEZ, Fetcher, SeekOut, Findem, and a dozen smaller competitors — and they all sell a version of the same idea: a recruiter types a natural-language query ("senior Python engineer in London with fintech experience and an interest in payments infrastructure"), and a model returns a ranked list of real named people with contact details. The recruiter then deploys an AI outreach tool, often the same vendor's, to message those people at scale, with subject lines and opening paragraphs calibrated to feel hand-written.

The data behind these tools comes from the same handful of places. LinkedIn scrapes feed most of them. GitHub, Crunchbase, public CVs and conference websites feed others. A layer of data-broker aggregators (People Data Labs, Full Contact, RocketReach, ContactOut and others) sits underneath, selling already-aggregated profiles to vendors who in turn resell access to recruiters. Fetcher's own privacy disclosure names this supply chain explicitly. SeekOut, HireEZ and Findem describe variations on the same architecture. None of the candidates in these supply chains were asked.

The whole category is one architectural pattern: collect at scale without consent, infer at scale without notification, outreach at scale without invitation. The vendor differences are in interface and matching quality, not in the question that matters.

The Opt-Out Reality Is Already Broken

Every responsible vendor will point at their privacy centre and say there's an opt-out. There is. In practice it is so fragmented, so friction-heavy, and so dependent on knowing you are in any given database in the first place, that it functions as a paper defence rather than a working right.

A snapshot from the public-facing documentation of the major tools, as of May 2026:

| Tool | Where you opt out | Friction |
| --- | --- | --- |
| Juicebox / PeopleGPT | Privacy Center on juicebox.ai, or email privacy@juicebox.work | Web form + email request |
| HireEZ | Footer "Do Not Sell My Personal Info" link → CCPA notice → opt-out form → email verification code | 5 steps, 72-hour SLA |
| Fetcher | Privacy policy lists the rights; no clear single-action opt-out URL surfaced | Email request to privacy team |
| SeekOut | Consent-withdrawal language in privacy policy; no clear self-serve URL | Email request |
| Findem | Privacy policy describes data subject rights; no clear self-serve URL | Email request |
| Upstream data brokers | People Data Labs, Full Contact, RocketReach, ContactOut all run separate opt-out processes | One per broker. None of them tell you they have you. |

To remove yourself from this market in practice you would need to: identify every tool that has ingested your profile (you cannot, because no one notified you), find each one's opt-out process (they are not in a single place), submit each request individually, and trust that the upstream brokers will respect the request and not re-ingest your data from the next scrape. In real conditions, almost no candidate does this. The opt-out theoretically exists. The opt-out functionally doesn't.

Even If You Wanted To, You Cannot Find Them All

The friction across individual vendor opt-outs is bad enough. The deeper problem is that you cannot opt out of a chain you cannot see. Here, simplified, is the supply chain behind a single sourcing-tool query:

LinkedIn / GitHub / Crunchbase / your old conference website
↓
Scraper or fake-account farm
↓
Data broker (People Data Labs, Full Contact, RocketReach, ContactOut, Hunter)
↓
AI sourcing vendor (Juicebox/PeopleGPT, HireEZ, Fetcher, SeekOut, Findem)
↓
The recruiter about to cold-message you

When you opt out of the vendor at the end of that chain you have removed yourself from one node out of a graph you cannot see. The data broker still has your record. Six months later the broker re-sells it to a new vendor your tool of choice didn't know existed. The supply chain is opaque by design, because the brokers are not required to publish their customer list and the vendors are not required to publish their source list. You can only opt out of what you have already found, and you can only find what is willing to be found.

The legal mechanism that should fix this exists. It is UK GDPR Article 14. When personal data is collected indirectly, which is precisely what happens when a vendor scrapes you from LinkedIn or buys you from a data broker, the controller must notify the data subject within a reasonable period and at the latest within one month of first processing. The required information includes the source of the data, the categories held, the purposes, the lawful basis, the retention period, and the right to object. Almost nobody in this category does any of it. If every link in the chain complied, every UK professional would currently be drowning in source-disclosure emails. The silence is itself the violation.

And "Public" Is Not a Free Pass to Copy and Sell

The whole scrape-and-rank category quietly relies on a single legal theory: that personal data which appeared publicly somewhere can be copied, aggregated, re-sold, and commercially exploited without the data subject's involvement. That theory has been tested, repeatedly, and it has lost in every regulator and every court that has heard it properly.

Clearview AI built a face-recognition database from photos people had posted publicly online. "It was public" was the central defence. The UK Information Commissioner's Office fined them £7.5 million in 2022. The Italian DPA fined them €20 million. So did the French CNIL and the Greek HDPA. The Dutch DPA added €30.5 million in 2024. The Court of Justice of the European Union held in case C-184/20 (2022) that the public availability of data does not automatically remove its protection under the GDPR. The ICO's January 2024 guidance on web scraping for generative AI is explicit that "publicly accessible" is not the same legal category as data the subject has "manifestly made public" for the relevant processing purpose. The Article 6 "legitimate interest" basis that most sourcing vendors lean on requires a three-part balancing test the data subject's rights can win — and in a recruitment context, where the data subject is a private individual being scored, ranked and commercially contacted without their knowledge, the balance is not obviously winnable for the processor.

The ICO has been moving on the recruitment angle of this specifically. Its November 2024 audit identified, in its own words, tools that "scrape data and photographs from online sources such as social media without the candidate being aware" and tools that "retained the information indefinitely in order to build large databases of potential candidates or repurpose it to train, test and maintain their own AI tools." Between March 2025 and January 2026 the review was extended to more than 30 UK employers and direct letters were sent to 16 named organisations. A live consultation is open until 29 May 2026. In February 2026 the UK Data (Use and Access) Act 2025 added Articles 22A–22D to UK GDPR, giving data subjects explicit rights around automated decision-making, including the right to a meaningful explanation and to obtain human intervention. Sourcing and ranking against a brief is automated decision-making in the everyday sense, even before a recruiter clicks "contact". The vendors are betting nobody big enough will sue them. The Mobley class action and the imminent ICO consultation suggest that bet is closing.

And the Platforms Themselves Are Fighting Back

The scraping supply chain that feeds this category is also under direct legal attack from the upstream platforms. In 2026, LinkedIn obtained a permanent injunction against Nubela (Proxycurl), one of the largest profile-data resellers behind many sourcing tools, requiring the company to delete all LinkedIn data obtained through unauthorised means and to stop accessing LinkedIn unlawfully. In the same window LinkedIn sued ProAPIs, a software company alleged to have operated a network of over one million fake accounts to scrape profile data and sell it on for up to $15,000 a month per customer. The legal architecture that the AI sourcing category relies on, that public-facing profile data is fair game, has been losing in court.

The Spam That Comes Out the Other End

Even setting the regulatory exposure aside, the lived candidate experience is a separate, parallel disaster. Passive candidates in tech, finance and creative fields now receive between 10 and 30 recruiter messages a week across LinkedIn, email and other channels. The AI-outreach tools the same sourcing vendors sell are now sophisticated enough to reference a candidate's last conference talk, a comment on a recent post, a paper they were quoted in. The messages read like a human wrote them. They were not. And because every recruiter is now using the same class of tool, the inbox arms race has trained candidates to filter all of it. Senior professionals route the messages to spam, ignore LinkedIn DMs by default, and refuse to take a meeting that starts with a personalised cold approach because they have learned the personalisation is industrial.

The recruiter pays per profile, per message, per seat. The candidate pays in attention, in inbox volume, in a constant low-level erosion of trust in the entire channel. The vendor wins either way. This is not a business model that survives its own success.

Opt-out is not consent.
Consent is what happens before you are in the database. Everything sold as "opt-out" after the fact is an admission, not a solution.

Opt-In as Architecture: How describe.me Is Different

describe.me is the opposite design from the ground up. Candidates are in the platform because they chose to be there. They built a profile describing their experience, their skills, and the role they actually want next, in their own words. They set the criteria recruiters can match against, including a minimum salary, the locations they will work in, the role types they will consider, the working pattern they want. Recruiters search the platform. The Smart Matching engine ranks candidates by genuine match quality, with the score visible to both sides. Recruiters pay per contact, so they reach out only when they believe a candidate will engage. Every step is consent-led, every interaction is invited, and every candidate can change or remove anything they put in, including the profile itself, at any time, from inside the product.

That design isn't an ethics overlay on a scraped database. It's a different database. There is no shadow record of anyone who didn't sign up. There is no inferred score on a passive candidate who has never visited the platform. There is no upstream broker feeding profiles in. The reason describe.me has nothing to retrofit is that there is nothing ingested without permission to retrofit around.

Practically, that has compliance consequences. Article 14 indirect-collection notification does not apply because there is no indirect collection. The ICO's specific concerns about scraping, indefinite retention, and the repurposing of candidate data to train vendor models do not apply because none of those things happen. The new UK automated-decision rights under Articles 22A–22D apply cleanly because the platform was designed for them: scores are visible, criteria are explainable, candidates can challenge, and a human always makes the actual contact decision.

What Recruiters Should Do With This

The recruiter-side question is no longer whether AI sourcing is convenient. It plainly is. The question is whether being a paying customer of this category is a position you are willing to hold publicly. Your tool seat is funding the broker layer underneath. The shortlists you act on were assembled from data nobody consented to share. The cold-message templates you fire out are the downstream of that supply chain. None of that is invisible any more. The ICO is naming organisations. Candidates are getting better-informed about how their name reached your screen every quarter that passes. And the next class action in this space will not be limited to the vendor.

The defensible answer is going to be the opt-in answer. It will be the only one that holds when the ICO consultation concludes, when the Articles 22A–22D rights start being exercised at scale, when the next LinkedIn injunction lands, and when a candidate group with the right legal team decides this category is the next Workday-class action — only this time with the buyers in frame alongside the vendor.

We Considered Building an Opt-Out Tool. We Cannot.

While drafting this piece we seriously considered building a one-form automated opt-out service: one identity confirmation, one submission, dispatched in parallel to the privacy endpoints of every major sourcing tool and broker we could verify. It is the sort of consumer-protection tool a privacy-positioned company should be willing to build.

We are not going to. Not because the engineering is hard, but because the architecture defeats it before we start. The broker layer keeps re-ingesting the data we have just opted you out of, on its own schedule, with no obligation to tell anyone. The vendor list keeps growing and includes vendors that do not exist yet. The opt-out endpoints change without notice, sometimes require identity verification that defeats automation, and sometimes silently lapse the request. Most damning of all, we cannot opt you out of brokers we have never heard of, and neither can anyone else, because nobody in the supply chain is obliged to tell you they have you.

An opt-out tool would set an expectation of completeness we could not meet. It would also let the underlying category off the hook, because it would treat the symptom — you are in the database — rather than the disease — the database exists at all without your permission. The honest answer is that this category cannot be made consensual after the fact. The honest fix is that it should not have been built this way in the first place, and that the next generation of this tooling should not be allowed to exist on these terms.

This Is Bigger Than Recruitment

The scrape-and-rank pattern is not specific to hiring. The same architecture, with the same broker layer and the same legal exposure, runs underneath political micro-targeting, debt-collection scoring, insurance-risk inference, immigration-enforcement profiling, and the wider people-search industry. The names on the data-broker layer are mostly the same. The consent gap is mostly the same. The right-to-be-told and the right-to-object are routinely ignored across all of them in the same way.

Recruitment is the high-margin commercial wedge that keeps the supply chain underneath economically viable. It is also the place where the harm is provable, the data subjects are organised and well-resourced, and the lawful-basis question is the cleanest. That is why the ICO has prioritised the recruitment angle of its review. A regulator victory here is not just about hiring. It cascades into the much larger civil-liberties question of whether the public web is implicitly licensed for any commercial scrape someone can monetise. In law, it is not. In practice, it currently is. The gap between the two is exactly where this category lives, and it is now under direct pressure.

The Architecture Is the Argument

The reason this category is in trouble is not that the technology is bad. The matching is impressive. The outreach quality is real. The problem is that the underlying database was never built with consent as a design constraint, and you cannot bolt that on later. The ICO cannot approve a database that exists without permission. UK GDPR cannot accept a "legitimate interest" that conveniently outweighs the data subject's rights every single time. LinkedIn cannot co-exist with vendors that defeat its access controls. Candidates cannot be expected to spend their evenings filling in opt-out forms for a market they did not ask to be in. And the civil-liberties argument cannot tolerate the precedent that anything visible on the public web is implicitly licensed for any commercial scrape someone can monetise.

The only architecture that survives all of this is the one that starts with a yes. We built it that way because there isn't another way that holds. The scandal is that, for years, with venture funding and recruiter spend keeping it economically alive, an entire commercial category has been allowed to operate as though there was.

Opt-out is not consent. Opt-in is not an inconvenience. It is the entire product. And the next industry built on the inverse should not be allowed to be.

A profile you built. On rules you set.

No scraping. No shadow database. No surprise outreach. Build a describe.me profile in five minutes and let the recruiters who actually fit reach out on terms you defined.


describe.me: opt-in by design.
