California Passes Landmark “Delete Act,” Establishing Consumer-Friendly “Off-Switch” for Data Collection
California Gov. Gavin Newsom signed into law SB 362 – also known as the Delete Act – establishing even more robust online privacy protections in a state already at the vanguard of digital rights.
The Delete Act’s most noteworthy provision establishes a “one-stop-shop” for data removal – essentially an “off-switch” for consumers to request the scrubbing of all their collected online data.
The Delete Act requires the creation of this single-point, no-cost deletion mechanism by Jan. 1, 2026. All registered data brokers, in turn, will have to access that website every 45 days to address consumer requests and remove collected data when asked to do so. Under prior law, consumers found it difficult to communicate with around 500 data brokers doing business in California.
The Delete Act will require data brokers to register with the California Privacy Protection Agency (CPPA). It creates a “do not track” list similar to the National Do Not Call Registry. And it enshrines new transparency requirements for brokers, who must now disclose the collection of sensitive information such as precise geolocation data, reproductive health care data, and personal data collected from minors.
This landmark legislation follows on the heels of the California Consumer Privacy Act and the California Privacy Rights Act, which together form the backbone of one of the most protective digital rights regimes in the world. Yet data collection in California has continued unabated in recent years despite these protections, due in large part to the difficulties in opting out.
Consumers find there are simply too many players scraping public records, social media profiles and online transactions. These players create digital profiles from our most sensitive personal information and sell it to corporations, advertisers, governments, and law enforcement agencies for the purposes of analyzing, predicting and even shaping our behavior.
In this regard, the Delete Act’s one-stop mechanism empowers consumers to take control of their data and free themselves from online manipulation (not to mention government’s warrantless snooping, a flagrant Fourth Amendment violation). We applaud the California Legislature, sponsor Sen. Josh Becker and Gov. Newsom for taking a bold step in the direction of consumer privacy.
We have to note, however, that California is often criticized for its sweeping, at times inartful approach to business regulation. The Delete Act faces similar concerns. Some critics call it a “sledgehammer approach” with unpredictable ramifications for businesses and consumers.
According to one poll, more than 80 percent of California’s residents support the Delete Act. If all those millions opt-out, it’s a game-changer for the way online business is conducted in the epicenter of tech culture and innovation. Small businesses may find it particularly difficult to acquire new customers, while non-profits could have a tougher time finding donors.
The new law authorizes CPPA to fine-tune the rules to make it practical. In the meantime, California deserves applause for enhancing digital privacy. It’s a watershed moment, and rest assured other states – and nations – will be watching closely as this new paradigm takes shape in the coming years.