Skip to main content

The CA Delete Act (SB 362) Passed the California Legislature Sept 15, 2023 – Why It Matters 

September 15, 2023

The Delete Act is a legal framework that gives consumers powerful new rights restricting the collection and use of personal information by a diverse range of data brokers.

This framework for regulating the data broker industry was first proposed in congress in 2022, and was re-introduced in early 2023 in California, who has been leading the way in passage of new consumer data privacy law since 2018.

The core provision of the Delete Act is that it will require all data brokers operating in California to register with the new state privacy agency, and provide a single, universal opt-out mechanism for all CA residents.  

All registered companies will be required to delete and no longer track any information they have on individuals who exercise their rights via the state privacy agency. 

The law will not come into effect overnight: the provisions will not begin to be enforced until July of 2026.

There is always the possibility of “death by amendment” – where between passage and enforcement, the law is eventually watered down.  But we believe this is unlikely because of the strong, and still growing support from California voters for improved data privacy protections.

Today’s passage of the law in CA dramatically increases the likelihood that other states – and potentially Congress, who reintroduced their own version in June – will quickly follow suit, and enact similar standards. This is exactly what has happened with state data privacy laws after California first passed the CCPA. 

The implications for consumers, our data-driven economy, and our consumer privacy industry, are enormous.  

This is a big win for consumer rights

The passage of the Delete Act framework is a huge advance for consumer data privacy and signals continued momentum for stronger data privacy rights across the country.  

Exercising data brokers opt-outs is complex (by design), and laws like the Delete Act will require the industry to simplify and standardize processes, giving both consumers – as well as DeleteMe as a leader in Privacy as a Service – greater ability to protect personal information.

That said, individual state privacy agencies like California’s will remain under-resourced when it comes to monitoring and redressing the vast range of consumer data misuse that happens daily. And its why we strongly believe that the Privacy as a Service industry will continue to play an important role in helping provide transparency and confirmation of compliance to consumers and regulators.

Data broker warnings about economic harms are mostly overblown

The promised negative impacts warned about by the data broker industry are – for the most part – either minor, or simply wrong.  Claims of “increased risk of identity theft” are the most absurd, given the industry’s enablement of a vast expansion of consumer fraud and social engineering over the last decade.  The kinds of ‘knowledge-based authentication’ methods which data brokers pretend still functions as fraud-prevention have long been obsolete.

The law will be a significant blow to the digital advertising industry, as well as a range of data-mining services they rely upon; and it will affect some currently “free” service offerings where “consumer data is the real product”; but these costs are coming after a decade of wild-west abuse of sensitive personal information, and the data broker industry is more than capable of surviving and adapting to a world where consumers have stronger controls over their personal information.

The ‘Privacy as a Service’ industry that DeleteMe pioneered is empowered by this law

Things like Federal “Do Not Call Registry” (which is a comparable legal framework) did not end the robocalls problem for consumers. Similarly, the Delete Act will not end widespread collection and monetization of sensitive personal information.  Regulations are only ever as good as their enforcement mechanisms, and the problem that state privacy agencies are taking on will ultimately require the kind of auditing and active-intervention that the Privacy as a Service industry already does every day. 

Privacy protection for both individuals and executives/employees requires continuous monitoring and diligence.  Data brokers count on this – because the work required to opt out and protect your privacy at every place with your data is too great for 99% of individuals today to deal with. This underscores the need for legislatures to pass privacy protection laws that give voters privacy rights AND which enable Privacy-as-a-Service providers to help make it easy for people to continuously enforce these rights.

DeleteMe was created in 2010 when we realized the difficulty of navigating privacy issues in today’s interconnected and digital world. Our mission is to provide everyone with the power to control t…

Don’t have the time?

DeleteMe is our premium privacy service that removes you from more than 30 data brokers like Whitepages, Spokeo, BeenVerified, plus many more.

Save 10% on DeleteMe when you use the code BLOG10.

Hundreds of companies collect and sell your private data online. DeleteMe removes it for you.

Our privacy advisors: 

  • Continuously find and remove your sensitive data online
  • Stop companies from selling your data – all year long
  • Have removed 35M+ records of personal data from the web

Special Offer

Save 10% on any individual and family privacy plan with code: BLOG10

Related Posts

We originally published this post on our Online Privacy Blog, but we’ve updated it here as the s…
We originally published this post on our Online Privacy Blog, but we’ve updated it here as the s…
We originally published this post on our Online Privacy Blog, but we’ve updated it here as the s…