California has launched a statewide platform that allows residents to request the deletion of their personal information from hundreds of data brokers through a single submission, marking a new phase in the state’s efforts to limit the collection and resale of consumer data.
The new system, called the Delete Requests and Opt-Out Platform, or DROP, implements the Delete Act passed in 2023. While California residents have had the legal right since 2020 to demand that companies stop collecting and selling their personal data, the process previously required contacting each data broker individually. DROP is designed to replace that process with a centralized request that applies to all data brokers registered with the state.
How The DROP System Works
Once users verify that they are California residents, they can submit a single deletion request through the DROP platform. That request will be sent to all current data brokers registered with the state, as well as any brokers that register in the future.
The platform does not trigger immediate deletion. Data brokers are scheduled to begin processing requests in August 2026. From that point, they will have 90 days to locate, delete the requested data, and report back on the action taken. If a broker is unable to find the data, residents will be able to submit additional information to help identify their records.
Scope And Limits Of Data Deletion
The requirements apply specifically to third-party data brokers whose business involves buying or selling personal data. Companies are allowed to retain first-party data collected directly from users through their own services.
The types of information subject to deletion can include social security numbers, browsing histories, email addresses, phone numbers, and similar identifiers commonly traded by data brokers. Some categories of information are exempt. Public records, such as voter registrations and vehicle records, are not covered by the deletion requirement. Certain sensitive data, including medical information, may fall under separate laws such as HIPAA.
Enforcement And Penalties
The program is overseen by the California Privacy Protection Agency, which said the platform is intended to give residents more direct control over their personal information. The agency said broader data deletion could reduce unwanted calls, messages, and emails, while also lowering the risk of identity theft, fraud, AI impersonation, and data breaches.
Under the law, data brokers that fail to register with the state or do not comply with deletion requests can face penalties of $200 per day, in addition to enforcement costs.
The agency said the DROP platform is expected to serve as a central enforcement mechanism as California expands its privacy framework and oversight of the data broker industry.
Featured image credits: Pix4Free
For more stories like it, click the +Follow button at the top of this page to follow us.