Third-Party Intent Data: Definition, Vendors, Price Ranges & GDPR Art. 6 Risk

Key Takeaway: Third-party intent data is buyer-intent signals purchased from networks that aggregate behavioral data across publisher sites, review platforms, and content syndication networks — properties you do not own. It provides category-level research signals months before a prospect visits your website, but carries GDPR Art. 6 legal risk because the original consent basis is often ambiguous or cross-purpose.

What is Third-Party Intent Data?

Third-party intent data is the behavioral evidence of prospect research activity collected from properties outside your control and aggregated by a data vendor who sells the resulting signals to go-to-market teams.

The mechanics: a B2B content network (a publisher, a review platform, a media property) places tracking code on its pages. When a known professional (identified by cookies, IP, or device ID cross-referenced with a B2B identity graph) reads multiple articles about "enterprise contract management software" in a 30-day window, the network infers an intent surge for that topic cluster at the company the professional is associated with. The vendor sells that surge signal — company, industry, topic, surge score — to any customer who licenses access to that category.

The value proposition is timing: third-party intent signals can appear 60-120 days before a prospect visits your website or submits a demo request. A company researching a category on Bombora-partner publisher sites in January may not contact vendors until March. Third-party intent data lets you start the relationship in January.

Major Vendors and Price Ranges

Bombora. The largest B2B intent co-op, covering approximately 5,000 B2B publishers. Signal is at the company level (not individual), categorized into ~6,000 intent topics. Pricing varies by topic coverage and seat count; typical starting contracts are $30,000-$60,000 per year for mid-market teams.

G2. Review platform intent: signals from visitors to G2 category pages, competitor comparison pages, and product profiles. High-quality signals because G2 visitors are explicitly evaluating solutions, not just passively reading. Pricing tied to category (popular categories command premium; niche categories are cheaper). G2 Buyer Intent licensing starts around $15,000-$25,000 per year for focused use cases.

TrustRadius. Similar to G2 but with a different audience composition (stronger in mid-market enterprise technology). Buyer intent signals from product research and review activity.

6sense. Aggregates Bombora topic data with its own first-party publisher network and enriches with predictive modeling. Priced as a platform (not just data); contracts typically start at $60,000+ per year for the full platform.

LinkedIn B2B Institute / LinkedIn Insight Tag. Not traditional intent data, but LinkedIn's Insight Tag on your website gives access to demographic data about your visitors — company, job function, seniority — which functions as a first-party signal with third-party enrichment.

Predictive scoring vendors (ZoomInfo Intent, Apollo Intent) resell Bombora data bundled with their enrichment databases. Useful if you are already a customer; generally less flexible than direct Bombora access for custom topic combinations.

GDPR Article 6 Legal Risk

Third-party intent data is the most legally complex signal type in EU-facing GTM operations.

The lawful basis question. Under GDPR Art. 6, personal data must have a specific lawful basis for each processing purpose. Third-party intent vendors collect data on their publisher networks; their stated lawful basis is typically a combination of legitimate interest (for B2B professional activity monitoring) and consent (for cookie-based tracking). The problem: the prospect who read an article on a publisher site consented — if they consented at all — to the publisher's use of data for "advertising personalization," not to "having their research activity sold to technology vendors for cold outreach targeting."

The onward transfer problem. When you purchase third-party intent data and use it to trigger outbound, you become a data controller processing data about individuals who have never heard of you. Your lawful basis for that processing must be documented separately (typically legitimate interest under Art. 6(1)(f), with a balancing test). If the original collection was invalid, your downstream processing inherits that invalidity.

Practical risk management. EU-focused legal teams typically take one of two positions: (1) use third-party intent only for account-level signals (company name, industry, topic) without individual-level identifiers, which reduces GDPR exposure significantly; or (2) treat third-party intent as a prioritization signal for cold outreach whose legal basis rests on the outbound communication's own legitimate interest basis, not on the intent data's consent chain. Position 2 is more aggressive and requires documented legitimate interest balancing tests.

The lowest-risk approach: use third-party intent data for account prioritization (which companies to target), and rely on first-party intent data (see First-Party Intent Data) and CRM-resident data for individual-level targeting.

How to Combine First- and Third-Party Intent

The most effective intent data strategy in 2026 layers both:

  1. Third-party surge detection identifies accounts that are researching the category 60-120 days in advance.
  2. Account enrichment validates ICP fit (firmographic match, technology stack, headcount growth).
  3. First-party signal activation triggers the high-touch sequence when the account arrives on your own properties.

This combination — third-party for early identification, first-party for high-confidence activation — reduces the legal surface area (you are not triggering individual outreach solely on third-party data) while capturing the timing advantage of early category research signals.

Related Concepts