Third-Party Intent Data: Definition, Vendors, Price Ranges & GDPR Art. 6 Risk

Key Takeaway: Third-party intent data is buyer-intent signals purchased from networks that aggregate behavioral data across publisher sites, review platforms, and content syndication networks, properties you do not own. It provides category-level research signals months before a prospect visits your website, but carries GDPR Art. 6 legal risk because the original consent basis is often ambiguous or cross-purpose.

What is Third-Party Intent Data?

Third-party intent data is the behavioral evidence of prospect research activity collected from properties outside your control and aggregated by a data vendor who sells the resulting signals to go-to-market teams.

The mechanics: a B2B content network (a publisher, a review platform, a media property) places tracking code on its pages. When a known professional (identified by cookies, IP, or device ID cross-referenced with a B2B identity graph) reads multiple articles about "enterprise contract management software" in a 30-day window, the network infers an intent surge for that topic cluster at the company the professional is associated with. The vendor sells that surge signal, company, industry, topic, surge score, to any customer who licenses access to that category.

The value proposition is timing: third-party intent signals can appear 60-120 days before a prospect visits your website or submits a demo request. A company researching a category on Bombora-partner publisher sites in January may not contact vendors until March. Third-party intent data lets you start the relationship in January.

Major Vendors and Price Ranges

Bombora. The largest B2B intent co-op, covering approximately 5,000 B2B publishers. Signal is at the company level (not individual), categorized into ~6,000 intent topics. Pricing varies by topic coverage and seat count; typical starting contracts are $30,000-$60,000 per year for mid-market teams.

G2. Review platform intent: signals from visitors to G2 category pages, competitor comparison pages, and product profiles. High-quality signals because G2 visitors are explicitly evaluating solutions, not just passively reading. Pricing tied to category (popular categories command premium; niche categories are cheaper). G2 Buyer Intent licensing starts around $15,000-$25,000 per year for focused use cases.

TrustRadius. Similar to G2 but with a different audience composition (stronger in mid-market enterprise technology). Buyer intent signals from product research and review activity.

6sense. Aggregates Bombora topic data with its own first-party publisher network and enriches with predictive modeling. Priced as a platform (not just data); contracts typically start at $60,000+ per year for the full platform.

LinkedIn B2B Institute / LinkedIn Insight Tag. Not traditional intent data, but LinkedIn's Insight Tag on your website gives access to demographic data about your visitors, company, job function, seniority, which functions as a first-party signal with third-party enrichment.

Predictive scoring vendors (ZoomInfo Intent, Apollo Intent) resell Bombora data bundled with their enrichment databases. Useful if you are already a customer; generally less flexible than direct Bombora access for custom topic combinations.

GDPR Article 6 Legal Risk

Third-party intent data is the most legally complex signal type in EU-facing GTM operations.

The lawful basis question. Under GDPR Art. 6, personal data must have a specific lawful basis for each processing purpose. Third-party intent vendors collect data on their publisher networks; their stated lawful basis is typically a combination of legitimate interest (for B2B professional activity monitoring) and consent (for cookie-based tracking). The problem: the prospect who read an article on a publisher site consented, if they consented at all, to the publisher's use of data for "advertising personalization," not to "having their research activity sold to technology vendors for cold outreach targeting."

The onward transfer problem. When you purchase third-party intent data and use it to trigger outbound, you become a data controller processing data about individuals who have never heard of you. Your lawful basis for that processing must be documented separately (typically legitimate interest under Art. 6(1)(f), with a balancing test). If the original collection was invalid, your downstream processing inherits that invalidity.

Practical risk management. EU-focused legal teams typically take one of two positions: (1) use third-party intent only for account-level signals (company name, industry, topic) without individual-level identifiers, which reduces GDPR exposure significantly; or (2) treat third-party intent as a prioritization signal for cold outreach whose legal basis rests on the outbound communication's own legitimate interest basis, not on the intent data's consent chain. Position 2 is more aggressive and requires documented legitimate interest balancing tests.

The lowest-risk approach: use third-party intent data for account prioritization (which companies to target), and rely on first-party intent data (see First-Party Intent Data) and CRM-resident data for individual-level targeting.

How to Combine First- and Third-Party Intent

The most effective intent data strategy in 2026 layers both:

  1. Third-party surge detection identifies accounts that are researching the category 60-120 days in advance.
  2. Account enrichment validates ICP fit (firmographic match, technology stack, headcount growth).
  3. First-party signal activation triggers the high-touch sequence when the account arrives on your own properties.

This combination, third-party for early identification, first-party for high-confidence activation, reduces the legal surface area (you are not triggering individual outreach solely on third-party data) while capturing the timing advantage of early category research signals.

Related Concepts