California legislators accepted amendments on specific aspects of the existing Data Broker Registration law to help Golden State residents easily scrub personal information from the internet.
The new way for data agencies to address individual and business data deletion requests will be developed and managed by the California Privacy Protection Agency (CPPA).
The amendments, also known as the Delete Act (SB 362), will force data brokers to adhere to an accessible deletion mechanism, essentially allowing residents in the most populous state in the USA an easier way to request personal data deletion. Any data harvester refusing to cooperate with the new rules will be penalized.
Until now, it has been highly challenging to remove personal information from the internet harvested by data brokers. While the current law allows individuals to request data removal, the process was considered tedious and almost impossible to navigate.
It took an effort to submit requests and even find the business that harvested and published the personal information. Some data brokers intentionally refused to provide a streamlined process for deletion requests in order to discourage the public from asking them to get rid of the collected data.
Ending the Monopoly of Data Deletion Agencies
The weak laws created a lucrative business model for data deletion agencies, which offer fair results but could be very pricey. A regular person who wants to take personal data off the internet would have to fork out hundreds, even in some cases thousands of dollars, to hire an agency.
The new law aims to end the need for people to go through costly agencies and strive to make data deletion services more DIY-friendly. A single submission would be enough for individuals who wish to take advantage of the Delete Act.
Data brokers harvest publicly available information about individuals they don’t know personally. The collected data is often compiled into databases and sold to the highest bidder. Fraudsters often use such data to pick possible victims.
The more the criminals dig in, the more information they can collect to complete the critical data points puzzle and use the findings to commit crimes.
An eye on the future
Even though the bill just passed, it gives data brokers some breathing time as most of the new requirements will be enforced after the beginning of 2026. California is not the only state with strict regulations on data brokers, but past efforts to pass similar laws nationwide have failed on multiple occasions.
The Golden State’s recent effort and the ever-growing list of privacy concerns caused by data brokerage companies might indicate that a countrywide change might be on the way.