alt Hacker NewsThe Delete Act
Comments
Excited to see this! Because completing the CCPA "delete my data" process for 300+ data brokers just isn't feasible.
Though I wonder what the second order effects of this might be. Imagine a service that vets tenants for landlords. If I've had all my data deleted, might I start failing background checks because the sketchy data brokers have no records of me? I fear a future where the complete absence of my data leads to bad side effects.
There’s a link to submit a DROP request at the bottom of the page. Is this live? I want to sign up.
Unfortunately following the link results in an infinite redirect.
Data brokers made in California can now wreck all the world but California.
This is a great first step, but I’m actually interested in
1. Getting a list of everyone that bought my records from data brokers 2. Reverse record linking to know who joined me, when, where, and how
Just deleting myself from 500 of these databases is a good start that’s decades over due.
Time to flip the scripts.
Does this apply to political lists too? I know political calls/text are excluded from Do Not Call and hence I get a crap ton of political spam texts (most recently from "Adam Miller for Congress OH-15", despite never living in Ohio). I'd really, really like to remove myself from all these political lists.
According to that page Texas also requires data brokers to register. As a Texan it seems unlikely that they do this to protect consumers. It feels more like they want to know who their market is as they surveil their citizens and rake in as much moola as possible. Identifying which broker will pay the highest premiums for real-time information about Texans' travel from license plate and traffic cameras, which businesses they visit, etc will allow them to get sweet kickbacks from the industry lobbyists who can openly pass around envelopes of cash on the floor of the legislature.
Sounds an awful like The Right to be Forgotten under GPDR Article 17
Saw the domain "ca.gov" and mistook it for Canada. Then wondered why it started mentioning California a lot.
hmm (thinking) infinite loop, eh?
$ curl -i -A - 'https://consumer.drop.privacy.ca.gov/maintenance.html'
HTTP/2 307
content-type: text/html
location: https://consumer.drop.privacy.ca.gov/coming-soon.html
date: Thu, 01 Jan 2026 02:22:37 GMT
[…]
$ curl -i -A - 'https://consumer.drop.privacy.ca.gov/coming-soon.html'
HTTP/2 307
content-type: text/html
location: https://consumer.drop.privacy.ca.gov/maintenance.html
date: Thu, 01 Jan 2026 02:22:46 GMT
[…]Can only hope this spreads like wildfire throughout the world.
I wonder how well this will work without other the states not being in on it and what other unintended consequences this may bring. sounds like a good start though.
When the CCPA launched in 2018 companies had to comply when a consumer requested a Data Subject Access Request (DSAR). Because the consumer had to request a DSAR not all companies felt this compliance pain acutely (e.g. it was mostly big companies with A LOT of users that got more DSARs, so they adopted workflows and tools to alleviate the pain).
The Delete Act has more teeth. Independent compliance audits begin in 2028 with penalties of $200 per day for failing to register or for each consumer deletion request that is not honored. GDPR spurred organizations to compliance, partly because of the steep penalty (up to €20 million or 4% of revenue, whichever is higher), maybe The Delete Act (and its much smaller penalty) will also spark organizations to comply.
I suppose that these records of personal data does not constitute "speech" in a First Amendment context?
Only tangentially releated but I thought the EU required that you can delete selective data. Example: Being able to delete a single email vs having to delete all emails.
And yet, Gemini does not seem to let me delete queries. This is unusual for Google who provides ways to delete pretty much all data on selective basis. Maybe I just can't find the option. Or maybe this option only exists if I'm in the EU
glad the timelines are short and hope its user friendly
> one of four states (also Oregon, *Texas*, and Vermont) who require data broker registration.
This does feel like an area where there could be useful bipartisan agreement if packaged properly.
California is a real country, United States is a joke
It seems anti-free speech. If the same thing were done via physical media, would we still support this? I am definitely no fan of data brokers, but I also am no fan or suppressing speech. This seems like the equivalent of banning old phone books before the internet.
[flagged]
This is the kind of thing the federal goverment would be doing if it gave a shit about its people.
Maybe there should be some kind of annual ISO privacy certification for companies that resell any customer data in any form. Then make data customers (e.g. marketing agencies, major retailers) and data collectors (e.g. those that collect telemetry data from libraries included in their app, auto manufacturers, wireless providers) civilly liable for any privacy violations dealing with uncertified brokers, making sure there’s an uncapped modifier based on the company’s annual revenue. That seems like it puts the bulk of the compliance responsibility on the parties that can do the most wide-scale damage with unethical and dodgy practices, while leaving some out there for others that need incentive to not ignore the rules.
Haven’t really thought this through and I’m not a policy wonk… just spitballin’.