What you need to know about the California Delete Act
If you, like so many of us, are inundated with constant spam calls and emails from companies you have never heard of before, you may be curious as to how you can stop these emails and calls. You may also be wondering where these companies even obtained your information from. The truth is that the personal information of millions of Americans is bought and sold every day by data brokers. In addition, even those residing in states such as California that have the right to ask for their personal data to be deleted or to not be sold would have to contact hundreds of companies to actually stop the sale of their data. Fortunately, a new privacy law, which is up for signature to the Governor of California, would stop this nuisance by allowing residents of California to quickly request the deletion of their personal data from multiple data brokers – the California Delete Act. In this article, we will discuss the California Delete Act and how it helps consumers.
What is the California Delete Act?
The California Delete Act is a privacy law that would allow consumers to make a one-time deletion request of all of their information that is aggregated by registered data brokers that operate in the State of California. The Act will transfer the oversight of all data brokers to the California Privacy Protection Agency, which will be required, by January 1, 2026, to create a public deletion mechanism. The mechanism will allow residents of California (or their authorized agent) to submit a single consumer request requiring that every data broker in the state delete that consumer’s personal information. This mechanism will be available to residents of California for free online and will be similar to the Do Not Call Registry.
Who does the California Delete Act apply to?
The California Delete Act will apply to “data brokers”, which are defined as any business that knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship. Thus, the Act will apply only to those businesses whose sole purpose is to buy and sell consumer information and it will not apply to businesses that have a direct relationship to a consumer (e.g. stores from which the consumer made purchases).
What does the California Delete Act require?
The California Delete Act requires all data brokers to register with the California Privacy Protection Agency, pay a registration fee and to provide the Agency with the following information:
- The name of the data broker and its primary physical, email and internet website addresses;
- Whether the data broker collects the personal information of minors;
- Whether the data broker collects geolocation information;
- Whether the data broker collects consumers’ reproductive health care data;
- The number of consumer privacy rights requests that the data broker has received;
- The median and mean number of days within which the data broker has substantively responded to such requests.
Data brokers are also required to publish a Privacy Policy on their websites that includes information on how consumers can exercise their privacy rights. It is important to note that the Act requires data brokers to not make use of any dark patterns.
If signed into law, the California Delete Act will provide residents of California with a substantial privacy right – the right to delete personal information without having to determine who has the consumers’ personal information and without having to contact hundreds of companies with their request. This Act will allow residents of California to stop the indiscriminate sale of their personal information and the unwanted spam that comes with such sales.
