We are proud to sponsor the California Delete Act (S.B. 362)—a bill authored by State Senator Josh Becker—which would give Californians critical tools to take control of their personal information and protect their privacy.
Why the Delete Act Matters
Data brokers are companies that collect, use, and sell personal information—often without people's knowledge or consent. Though their business practices are largely invisible, data brokers can have a profound impact on people's lives.
The information data brokers sell and share can be used against people to facilitate targeted scams and fraud, expose intimate details about someone's life, and even jeopardize access to healthcare. These risks are present for everyone—but marginalized communities are often hit the hardest.
Why Existing Law Isn't Enough
Where data brokers are concerned, it is practically impossible for Californians to exercise the rights they gained under the hard-fought California Consumer Privacy Act.
- Overwhelming quantity of data brokers. There are hundreds of registered data brokers. To request deletion of personal data, people currently are required to submit a separate request to each company individually.
- Lengthy process. Even if someone manages to submit hundreds of requests to companies with which they have no direct relationship,it can take up to three months to find out if information has been deleted.
- Continuous data collection. Data brokers are continuously collecting new personal data. Even if a person's deletion request is successful, the broker could start quickly re-collecting information. As a result, people would be required to make deletion requests on an ongoing basis, leading to a never-ending cycle of deletion requests.
What the Delete Act Does
The Delete Act aims to address the glaring gaps and give Californians an opportunity to regain some control over their personal data. By emphasizing transparency, accountability, and an accessible mechanism to exercise a person's rights, the Delete Act has the potential to benefit all Californians.
- The Delete Act would incorporate definitions from the California Consumer Privacy Act, providing consistency with the existing law.
- Data brokers would be required to register with the California Privacy Protection Agency, pay a registration fee, and disclose the types of personal information they collect—promoting industry transparency.
- Data brokers would be required to compile and disclose information about requests they receive under the the California Consumer Privacy Act—shedding light on data handling practices.
- If data brokers fail to register as required by the Delete Act, they would face California Privacy Protection Agency enforcement.
- The California Privacy Protection Agency would be directed to create an accessible deletion mechanism to enable consumers to easily request the deletion of their personal information held by data brokers through a single verifiable consumer request.
- Data brokers would have to undergo an independent third-party audit every three years to ensure compliance with the Delete Act provisions and submit audit reports to the California Privacy Protection Agency.
