HN

Need help?
<- Back
The Delete Act

The Delete Act

weaksauce

Comments (68)

  • DrewADesign
    Maybe there should be some kind of annual ISO privacy certification for companies that resell any customer data in any form. Then make data customers (e.g. marketing agencies, major retailers) and data collectors (e.g. those that collect telemetry data from libraries included in their app, auto manufacturers, wireless providers) civilly liable for any privacy violations dealing with uncertified brokers, making sure there’s an uncapped modifier based on the company’s annual revenue. That seems like it puts the bulk of the compliance responsibility on the parties that can do the most wide-scale damage with unethical and dodgy practices, while leaving some out there for others that need incentive to not ignore the rules.Haven’t really thought this through and I’m not a policy wonk… just spitballin’.
  • varenc
    Excited to see this! Because completing the CCPA "delete my data" process for 300+ data brokers just isn't feasible.Though I wonder what the second order effects of this might be. Imagine a service that vets tenants for landlords. If I've had all my data deleted, might I start failing background checks because the sketchy data brokers have no records of me? I fear a future where the complete absence of my data leads to bad side effects.
  • WD-42
    There’s a link to submit a DROP request at the bottom of the page. Is this live? I want to sign up.Unfortunately following the link results in an infinite redirect.
  • Antwan
    Data brokers made in California can now wreck all the world but California.
  • tylerchilds
    This is a great first step, but I’m actually interested in1. Getting a list of everyone that bought my records from data brokers 2. Reverse record linking to know who joined me, when, where, and howJust deleting myself from 500 of these databases is a good start that’s decades over due.Time to flip the scripts.
  • wdr1
    Does this apply to political lists too? I know political calls/text are excluded from Do Not Call and hence I get a crap ton of political spam texts (most recently from "Adam Miller for Congress OH-15", despite never living in Ohio). I'd really, really like to remove myself from all these political lists.
  • doodlebugging
    According to that page Texas also requires data brokers to register. As a Texan it seems unlikely that they do this to protect consumers. It feels more like they want to know who their market is as they surveil their citizens and rake in as much moola as possible. Identifying which broker will pay the highest premiums for real-time information about Texans' travel from license plate and traffic cameras, which businesses they visit, etc will allow them to get sweet kickbacks from the industry lobbyists who can openly pass around envelopes of cash on the floor of the legislature.
  • firesteelrain
    Sounds an awful like The Right to be Forgotten under GPDR Article 17
  • Dwedit
    Saw the domain "ca.gov" and mistook it for Canada. Then wondered why it started mentioning California a lot.
  • guessmyname
    hmm (thinking) infinite loop, eh? $ curl -i -A - 'https://consumer.drop.privacy.ca.gov/maintenance.html' HTTP/2 307 content-type: text/html location: https://consumer.drop.privacy.ca.gov/coming-soon.html date: Thu, 01 Jan 2026 02:22:37 GMT […] $ curl -i -A - 'https://consumer.drop.privacy.ca.gov/coming-soon.html' HTTP/2 307 content-type: text/html location: https://consumer.drop.privacy.ca.gov/maintenance.html date: Thu, 01 Jan 2026 02:22:46 GMT […]
  • nineteen999
    Can only hope this spreads like wildfire throughout the world.
  • weaksauce
    I wonder how well this will work without other the states not being in on it and what other unintended consequences this may bring. sounds like a good start though.
  • smurda
    When the CCPA launched in 2018 companies had to comply when a consumer requested a Data Subject Access Request (DSAR). Because the consumer had to request a DSAR not all companies felt this compliance pain acutely (e.g. it was mostly big companies with A LOT of users that got more DSARs, so they adopted workflows and tools to alleviate the pain).The Delete Act has more teeth. Independent compliance audits begin in 2028 with penalties of $200 per day for failing to register or for each consumer deletion request that is not honored. GDPR spurred organizations to compliance, partly because of the steep penalty (up to €20 million or 4% of revenue, whichever is higher), maybe The Delete Act (and its much smaller penalty) will also spark organizations to comply.
  • metabagel
    Is Facebook a data broker? Reddit? Google?
  • sonu27
    Sounds similar to GDPR here in Europe.
  • Meneth
    I suppose that these records of personal data does not constitute "speech" in a First Amendment context?
  • socalgal2
    Only tangentially releated but I thought the EU required that you can delete selective data. Example: Being able to delete a single email vs having to delete all emails.And yet, Gemini does not seem to let me delete queries. This is unusual for Google who provides ways to delete pretty much all data on selective basis. Maybe I just can't find the option. Or maybe this option only exists if I'm in the EU
  • nee1r
    glad the timelines are short and hope its user friendly
  • anon
    undefined
  • petesergeant
    > one of four states (also Oregon, *Texas*, and Vermont) who require data broker registration.This does feel like an area where there could be useful bipartisan agreement if packaged properly.
  • iwontberude
    California is a real country, United States is a joke
  • diogenescynic
    It seems anti-free speech. If the same thing were done via physical media, would we still support this? I am definitely no fan of data brokers, but I also am no fan or suppressing speech. This seems like the equivalent of banning old phone books before the internet.
  • UpstairsEmpire
    [flagged]
  • UpstairsEmpire
    This is the kind of thing the federal goverment would be doing if it gave a shit about its people.