California (USA) has put into operation a tool to help residents limit the collection, storage and trading of personal data by data brokers.
This tool is considered an important step forward in efforts to strengthen privacy and protect personal information in the digital environment.
Previously, from 2020, California residents had the right to request companies to stop collecting and selling personal data under the state's privacy law.
However, in reality, this process is quite complicated when users have to contact and send individual requests to each data brokerage company. This makes many people give up because it takes time and makes it difficult to track results.
The Delete Act passed in 2023 changed this approach. Accordingly, residents only need to send a single request to delete personal data from more than 500 data brokers registered to operate in California.
To realize the law, the state has implemented the Platform for Requests to Reject and Reject Participation, abbreviated as DROP.
After users verify themselves as California residents, they can send data deletion requests via DROP. This request will be automatically transferred to all current data brokers and future registration units.
However, data deletion will not take place immediately. According to regulations, brokers are expected to start processing requests from August 2026 and have a maximum of 90 days to complete and report results.
In case the broker cannot find or has not deleted the data, users can provide additional information to support identifying personal records.
However, not all types of data are required to be deleted. Companies are still allowed to keep the data they directly collect from users.
The deletion regulation mainly applies to data brokers specializing in buying and selling data, including social security numbers, web browsing history, email addresses, phone numbers and many other personal information.
Some data is exempted because it belongs to public records, such as vehicle registration or voter lists. In addition, sensitive information such as medical data may be subject to the provisions of other specialized laws, such as HIPAA.
According to the California Privacy Protection Agency (CPPA), the DROP tool not only helps people better control personal data but also contributes to reducing unwanted messages, calls and emails.
More importantly, this helps limit the risk of identity theft, fraud, artificial intelligence impersonation and data leakage. Data brokers who do not comply with regulations may be fined $200 per day, not including additional enforcement costs.
