Starting this year, a single request form will allow Californians to demand that data brokers delete their personal information and refrain from collecting or selling it in the future.
Third parties are constantly lurking as you navigate the internet, collecting data they can later aggregate and sell, according to the Electronic Privacy Information Center. These data brokers can gather your email addresses, Social Security number, as well as details about your income, political preferences and martial status — often without your knowledge — and offer that information to everyone from advertisers to landlords to debt collectors.
You have the right to request a broker delete your information from their databases, but it’s an often-arduous task that entails identifying specific brokers who have your info, then reaching out to them individually with removal requests.
Now, that’s no longer the case — at least in California.
Californians can instead fill out one form on the state’s online Delete Request and Opt-out Platform, also known as DROP, to request that all registered data brokers scrub their personal information.
What is DROP?
In 2023, Gov. Gavin Newsom signed state Senate Bill 362, also known as the Delete Act, which directed the California Privacy Protection Agency to create a first-of-its-kind single website on which residents could order all registered data brokers in the state to delete their personal information.
Data brokers are required by state law to register with the agency and pay a yearly registration fee; failure to do so could result in civil penalties and fees. There are more than 500 data brokers currently registered, online data show.
How does DROP work?
As of Jan. 1, you can now submit your DROP request by following three steps on the California Privacy Protection Agency website:
- Confirm your identity as a California resident through the state’s digital identification service.
- Create a profile by providing basic information such as your full name, phone number and email.
- Fill out your DROP request.
What information are data brokers required to erase?
Data brokers are required to delete your personal information upon request — including what’s gleaned from your web searches or the apps you use.
There is some information that brokers don’t have to ditch, such as first-party data collected by a company directly from its customers or audience.
Information that’s publicly available, such as vehicle, real estate or voting records, also does not need to be scrubbed.
How soon are data brokers required to delete your information?
A DROP request is sent to all registered data brokers that have your personal information. However, they don’t have to act on the request until Aug. 1.
At that time, data brokers are required to delete your data within 90 days. After Aug. 1, the Delete Act requires that data brokers must process DROP requests every 45 days.
They also have to report the outcome of each DROP request to the California Privacy Protection Agency.
If data brokers fail to comply with a DROP request, they face a daily fine.
To confirm that data brokers are complying with the Delete Act, the Privacy Protection Agency will conduct independent audits starting Jan. 1, 2028, and every three years thereafter.
Will a DROP request change my online experience?
Once your information is scrubbed, it might not be noticeable. But because data brokers operate in the shadows, “we’re often unaware of how that ecosystem affects us,” said John Davisson, director of litigation and senior counsel for the Electronic Privacy Information Center.
The real-world effects might be more apparent. Data brokers create detailed individual profiles of online users that are used by advertisers, landlords, debt collectors and others who purchase the information.
That collected information can be used against you to deny access to credit, employment, housing or other life opportunities, Davisson said. Once data brokers delete your personal information and are unable to sell it, those businesses will rely only on the information you provide them.
You may also notice a drop in spam calls, texts and emails, according to the Privacy Protection Agency.
Another potential benefit could be a decreased risk of identify theft, fraud, artificial intelligence impersonations or hacked data.
“The more that data brokers are not allowed to traffic on our personal information, the less of it there will be, and the more diminished the targets will be for third-party hackers,” Davisson said.
The program, Davisson said, offers peace of mind in knowing that “thousands of brokers who previously could sell your information with impunity now no longer can do so.”
“It’s also about the security of knowing you are in control,” Davisson said. “You have power over how your personal information is used.”
The post New California tool can stop brokers from selling your personal online data. Here’s how appeared first on Los Angeles Times.
