The California Delete Act: A Bill to Give Californians More Control Over Their Personal Data

Data Brokers
Posted: Apr 12 2023

We are proud to sponsor the California Delete Act (S.B. 362)—a bill introduced by State Senator Josh Becker—which would give Californians critical tools to take control of their personal information and protect their privacy.

Why the Delete Act Matters

Data brokers are companies that collect, use, and sell personal information—often without people's knowledge or consent. Though their business practices are largely invisible, data brokers can have a profound impact on people's lives.

 

The information data brokers sell and share can be used against people to facilitate targeted scams and fraud, expose intimate details about someone's life, and even jeopardize access to  healthcare.  These risks are present for everyone—but marginalized communities are often hit the hardest. 

 

What the Delete Act Does

By emphasizing transparency, accountability, and an accessible mechanism to exercise a person's rights,  the Delete Act has the potential to benefit all Californians.

  1. The Delete Act would incorporate definitions from the California Consumer Privacy Act, providing consistency with the existing law.
  2. Data brokers would be required to register with the California Privacy Protection Agency, pay a registration fee, and disclose the types of personal information they collect—promoting industry transparency.
  3. Data brokers would be required to compile and disclose information about requests they receive under the the California Consumer Privacy Act—shedding light on data handling practices.
  4. If data brokers fail to register as required by the Delete Act, they would face California Privacy Protection Agency enforcement.
  5. The California Privacy Protection Agency would create an accessible deletion mechanism to enable consumers to easily request the deletion of their personal information held by data brokers through a single verifiable consumer request.
  6. Data brokers would have to undergo an independent third-party audit every three years to ensure compliance with the Delete Act provisions and submit audit reports to the California Privacy Protection Agency.