California’s Delete Act Shines a Light on Data Brokers
In the US, the Golden State has been the head of the class in developing modern data privacy legislation, such as the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). A new legislation—the Delete Act— gives California residents more autonomy over their data and protection against data brokers, significantly impacting the ad industry.
What is the Delete Act?
The California State legislation passed Senate Bill 362, the Delete Act, which streamlines data deletion requests of consumer personal information collected by data brokers.
The original proposal passed the California Senate on May 31, 2023, with some approved amendments from the assembly on Sep 13, 2023. The bill officially cleared legislation on September 14, 2023. The bill now awaits Gov. Gavin Newsom’s signature, who has until October 14 to sign the bill into law.
CPPA vs Data Brokers
Bill SB 362 also requires data brokers to register with the recently formed “California Privacy Protection Agency (CPPA)” in charge of enforcement to disclose the types of personal information they collect.
The act calls for the CPPA to develop a website where Californians can control access to their personal information, make deletion requests, and opt out of all future tracking. The CPPA would have to create the website by the January 2026 deadline before becoming active later in the year. It’s unprecedented for a regulatory authority to provide a mechanism for consumers to fulfill their data rights. This is a monumental shift in recognizing data privacy as a fundamental right.
Consumer Benefits of the Delete Act
- The Right to Delete: The cornerstone of the Delete Act is the right to delete personal data. Much like the “right to be forgotten” enshrined in the European Union’s GDPR, this provision allows individuals to request the deletion of their data from an organization’s systems.
- Data Portability: The Delete Act also introduces a provision for data portability. This empowers individuals to request data from one service provider and transfer it to another. For consumers, this means more freedom to switch between platforms and services without fearing losing their data.
- Increased Transparency: Transparency is a critical element of the Delete Act. Data brokers must clearly and concisely explain how they collect, process, and share personal data. This includes informing individuals about the purpose of data collection and the third parties involved. By enhancing transparency, the Delete Act aims to build trust between consumers and organizations while ensuring that data practices are fair and accountable.
- Fundamental Right: The Delete Act reflects a proactive approach to ensuring that privacy is a fundamental right. It puts individuals back in the driver’s seat, giving them greater control over their data.
Enforcement & Fines
To enforce the regulations, the Delete Act includes provisions for substantial fines from the CPPA in the event of non-compliance.
- By mid-2026, data brokers will be required to access the CPPA-built website monthly, process delete requests, and fulfill any deletion requests within 30 days.
- The bill will also require data brokers, beginning in 2028, to undergo a third-party audit every three years.
- Data brokers failing to register with the CPPA will be fined $200 daily.
- Brokers who don’t comply with deletion requests will also be charged a fine of $200 a day for each deletion request.
How BigID Helps Organizations Fulfill Data Deletion Requests
The Delete Act represents a significant step forward in proactive privacy. It signifies an accelerated need for companies – not only data brokers – to understand their data and have the mechanisms to delete specific data on individuals. While it may pose challenges for businesses, it also presents opportunities for enhanced trust and accountability between organizations and consumers.
BigID helps businesses manage, delegate, and execute deletion requests to fulfill data rights. Organizations can leverage BigID for end-to-end automated data deletion — and delete data quickly.
- Quickly and easily fulfill data deletion requests by users and application
- Delete data in seconds – across MySQL/MSSQL, Snowflake, S3, Oracle, Google Drive, and more
- Validate deletion requests through collaboration and audit trails
- Fulfill data deletion requests with integrated end-to-end data rights management
- Reduce attack surface and mitigate privacy risk
To learn more about how BigID can help accelerate deletion and achieve compliance— get a free 1:1 demo with our experts today.