39 Million Californians Can Now Legally Demand Data Brokers Delete Their Personal Data

While California's residents have had the right to demand companies stop collecting/selling their data since 2020, doing so used to require a laborious opting out with each individual company," reports TechCrunch. But now Californians can make "a single request that more than 500 registered data brokers delete their information" — using the Delete Requests and Opt-Out Platform (or DROP): Once DROP users verify that they are California residents, they can submit a deletion request that will go to all current and future data brokers registered with the state...

Brokers are supposed to start processing requests in August 2026, then they have 90 days to actually process requests and report back. If they don't delete your data, you'll have the option to submit additional information that may help them locate your records. Companies will also be able to keep first-party data that they've collected from users. It's only brokers who seek to buy or sell that data — which can include your social security number, browsing history, email address, phone number, and more — who will be required to delete it...

The California Privacy Protection Agency says that in addition to giving residents more control over their data, the tool could result in fewer "unwanted texts, calls, or emails" and also decrease the "risk of identity theft, fraud, AI impersonations, or that your data is leaked or hacked."

likely to fail

[awwshit]

We can hope it will work. We will see just how far the long arm of California law reaches. The Do Not Call list really became a verified list to abuse.

Re: likely to fail

[flyingfsck]

Hmm. I suppose you just has to supply your phone number, SIN, driver's license, residential address, email address and three social media account logins, to enable them to delete your data...

Re:likely to fail

[mjwx]

We can hope it will work. We will see just how far the long arm of California law reaches. The Do Not Call list really became a verified list to abuse.

Sadly that's all those lists become, a list of numbers that tell scammers and spammers that a line has a person behind it. One of their biggest problems are paying agents to talk to unattended lines (the people working for scammers are happy to scam their employers, you're shocked, I can tell).

What's needed is to go after the telcos and other businesses that permit this, especially as they're profiting from it, even though it's indirect profit they're still benefiting and permitting it. You want to curtail this kind of activity, punish those enabling it.

I've never joined a no-call list in my life, I've always figured that keeping my number as secret as possible is a better defence which means not handing it out to all and sundry. It's like underpants, they know I'm wearing some but not what colour or kind they are.

Re:

[ctilsie242]

If they changed the law just a bit, it would be useful. All numbers must go through a hash mechanism, and if the number matches a hash, don't call it. This way, they can't just use the DNC list as a base of operations.

Re:

[NickDngr]

We can hope it will work. We will see just how far the long arm of California law reaches. The Do Not Call list really became a verified list to abuse.

BFD. With all of the notices I've gotten about hacked systems releasing all of my info, it seems everyone has everything already anyway. This can't make it any worse, at least for the abusers that wouldn't be following the rules anyway.

They will move off shore

[schwit1]

Then what?

Does this include California government databases?

Re:

[ObliviousGnat]

And the FEC database [fec.gov]?

Re:

[Cajun Hell]

I think his point might be: can you shoot a Californian from a non-extradition country? Presumably at least one of the middlemen in charge of delivering the bullet, will be exposed to CA jurisdiction near the end of the delivery.

I Love You

[Arzaboa]

XOXO xoxo to all Californians!

--
I've lived in California for six years and I've never surfed. - Bill Skarsgard

Re:

[Sloppy]

No kissing and telling! I demand you scrub from the internet all references to the personal information about the hugs and kisses I received from you.

Sure buddy

[Slashythenkilly]

Im sure it will be just as good as the "do not call" list which means only scammers will call you 10-15 times per day. Also the drop down calander that you have to scroll through to enter your birthday is next to fukin stupid.

A great first step

[gurps_npc]

The real problem is not the data brokers but the data buyers. You know the top 100 largest companies have already bought the data from all the brokers. And they collect more data on you that they do not sell.

They do not sell, which means they are not registered data brokers. And in the United States there are NO laws that apply to their data. That means:

1) You cannot get them to delete anything.
2) They will not tell you what data they have on you.
3) They will not even tell you if they have any data on you.

California's law is a good one, but it is just the start of what we really need to do.

Re:

[AmiMoJo]

Data goes stale fast though.

Don't they have anything like GDPR to deal with hoarding info?

State legislators are easy to buy

[Beeftopia]

State legislators are easy to buy and not that expensive, like federal politicians. I'll bet the data brokers don't have an association in California. If they form that, and shell out some cash to legislators, this law will be rolled back.

Sure they'll delete it.

[Petersko]

A quarter century ago I briefly dated a stripper. She needed new posters to sell, but she couldn't afford a professional photographer and she wanted control of the masters. This was near the dawn of digital photography for consumers and I had a camera, so I agreed to take them. We did a shoot with a couple hundred photos. They weren't great, but it got the job done.

Shortly after that we stopped seeing each other. She asked me for the photos, and requested I delete them. I said yes. I burned the shots to two copies on CDs and gave them to her.

I did not delete them.

I never shared them with another soul, but I absolutely lied to her. I knew I was lying as I said it. And my reasons were up front and simple. Fast forward to me today, and the only difference is that today I'd be honest about not deleting them. I would promise to keep them private.

Now these brokers have a vastly stronger motive to lie. Money. Lots and lots of it. I guarantee you data that is "deleted" is just relocated. Even if there's no immediate plan for it, it will be hoarded. And there are so many ways to do it you cannot catch them.

Re:

[bobby]

I wonder if once they've sold the data to whoever (evil) entities that want it, there's no more market for that particular data, so they don't mind "deleting" it.

Re:

[The-Ixian]

You make a good point.

I wonder if this just becomes some kind of shell game where you have a company physically located in a country with no extradition treaty that you "sell" the data too then "rent" access to an API with all the data you just sold them...

Re:

[TheMiddleRoad]

You sound like a great guy.

Re:

[Anonymous Coward]

At least he's honest. The majority of politically vocal people (your sig) will tell all kinds of lies online if it makes them look good to their peers.

Re:

[Petersko]

I read it, of course. But I'm 55. If the worst thing I do in my life is hang on to is secretly hang on to some nudes of an ex but not spread them around, I'm comfortable with that. :) I have the gift of middle age - the awareness that not everything I've done is stellar, and the clarity that no single act defines a person. We're complicated.

Re:

[TheMiddleRoad]

You also have the choice of deleting the photos now.

When I was accidentally forwarded financial info for a non-profit organization I'm a member of, I had the opportunity to see what a lot of people were donating. I trashed the email, emptied the trash, and then told the sender what happened and that I had done so.

Re:

[battingly]

The difference is you were the only one who knew about your lie. A data broker has a large staff of people who would need to be relied up to keep the lie a secret.

Re:

[allo]

Now assume a law that is worth the paper it is written on like GDPR and you either try to monetize the data or it leaks. Then you may face fees that can financially ruin you. That makes companies think twice about storing data that may make them a few cents but is a huge legal risk.

Re:

[Petersko]

Or you sit on it until circumstances change. Wash the data one direction, wash the money in others. Data brokerage started out off of plumb. It's not going to get straighter. The ethics were broken from the get go.

Traceability is no deterrent. Putting serial numbers on cars didn't stop auto thef5.

flock cameras

[roman_mir]

So will they be able to demand that flock and other types of cameras delete and do not record everyone's personal information?

https://youtu.be/uB0gr7Fh6lY?s... [youtu.be]

and if you do not think they have your personal information, here, watch this: https://youtu.be/vU1-uiUlHTo?s... [youtu.be]

with AI they DO have your personal data. They can see you and follow you in real time, they know where you live, they know what you drive, they know who you are, they know everything about you because you cannot escape 80,000 + cameras everywhere, ALPR (Automatic License Plate Readers) and PTZ (Pan to Zoom) cameras.

There is no more 4th amendment in the USA with this technology available to the state.

Re:

[CommunityMember]

So will they be able to demand that flock and other types of cameras delete and do not record everyone's personal information?

In theory, yes. How that will work in practice is still untested. I recommend those in CA ask flock to delete all their information (and see how they respond). If they do not respond in a way you agree with, send the documentation of non-compliance to the CA AG (who seems to be willing to take these companies to court).

These are incompatible requirements

[DogFoodBuss]

The idea of deleting a consumer's data is at odds with the requirements for CCPA opt-out. Anyone who submits an opt-out request needs to be on record that they don't want their data to be used for certain purposes. If a data broker is required to delete the consumer's data, how are they supposed to honor opt-out going forward as they get updated data that might include the identities again?

Re:

[tepples]

I haven't read this bill. But if it's remotely like the right of erasure pursuant to the European Union's GDPR, it does not apply to data that a data broker is required by law to retain.

Remember the Federal Do Not Call list?

[Tony Isaac]

https://www.donotcall.gov/ [donotcall.gov]

How did that work out?

Let's see if California can do anybetter.

If I move to CA tomorrow

[kmoser]

If I move to California tomorrow, will they be required to delete any information about me prior to my move?

by-pass the CLOUD

[NotEmmanuelGoldstein]

This is a law designed to shut-down data-brokers. Everyone will still collect your data: The law demands it. Anyone else, having your PII, can keep it. Corporations have been moving data out of the US for decades, to by-pass laws just like this. It's why the US has the CLOUD ('all your data are belong to us') act but of course, it won't be used against faceless corporations.

registered

[pahles]

"a single request that more than 500 registered data brokers delete their information"

How about the data brokers that are NOT registered?

data brokers

[gary s]

The big issue is going to be how broadly or loosely they define data brokers. Does a data broker with no presence in CA care what CA law is? How does a person know where their data even is? it appear you have to go to a every provider your self. I am sure they brokers are not going to make it easy. Another law that isnt going to work, This needs to be federal and define what can and cant be collected and or sold. Dear hacker, Please remove my data from your hacking files on me per California DROP laws...

Can demand anything ...

[oshkrozz]

How will it be enforced?

I learned yesterday that the Magnusonâ"Moss Warranty act spelled out in detail that if a company doesn't honor the warranty and you take them to court they have to cover attorney fees. That is all great except that the judges decided, nah we are not going to follow that, instead we will say no to the fees and only allow to recover the loss. Thus making the law useless since no lawyer will take the case as they know this will happen.

I suspect this will be similar

Horrible user interface

[hwstar]

Governments are paranoid about being sued, therefore they tend to design user interfaces which are very difficult to use and demand bunches of redundant information entry as well as multiple cross-checks which typically fail thereby discouraging citizens from accessing the promised service.

The Drop site is a prime example of the "friction" mentioned above. I tried to sign up, but the email verification check failed.

Success is questionable

[linuxwrangler]

The site runs you through hoop after hoop. You need a "verified" ID such as login.gov. I had that for other reasons but even then it ping-pongs you between phone and web and requires you to send in photos of the front and back of your government ID. After jumping trhough all of them, the site simply crashed. Not a good start. If I do manage to get the site to work, I'm curious how it will handle my multiple email addresses and phone numbers.

Re:

[Andyvan]

I had a better experience on the site, but it could still use some improvement. I used the site on January 2, so the issue I ran into may have been fixed, since I did report it in the feedback box.

The problem I had is that the page automatically refreshed itself while I was looking up my Mobile Advertising ID (MAID). This meant that I had to re-enter my email addresses and phone number, and re-verify them. Note that you have to verify the phone number that was just used to verify your login.gov account.

When

Re:

[Randseed]

We know Kalifornia has a great record with the likes of Proposition 65.

Re:

[aRTeeNLCH]

Sounds to me like they are profiling you.....