California residents have gained something privacy advocates never thought would be possible: the power to wipe their personal information from hundreds of data brokers with a single click.
The Golden State has officially activated its Delete Request and Opt-Out Platform (DROP), giving residents the ability to request deletion of their personal information from over 500 registered data brokers with a single submission.
This platform stems from California’s Delete Act, which passed two and a half years ago and builds upon existing privacy rights that have been available to California residents since 2020. DROP’s scope and simplicity mean residents can now access the tool at privacy.ca.gov, verify their California residency, and submit basic information including their name, address, and email to trigger deletion requests across hundreds of data brokers simultaneously, ABC7 reported.
August deadline
DROP has launched for consumer registration, but something far more dramatic happens in August 2026 when data brokers must start processing deletion requests—and the financial penalties are steep enough to force industry-wide transformation.
Starting Aug. 1, 2026, registered data brokers will be required to check the DROP system at least once every 45 days and process deletion requests within 90 days. Companies that fail to comply face fines of $200 per day, per violation, which could quickly escalate to millions of dollars for brokers handling thousands of requests.
Here’s what’s already happening behind the scenes: The California Privacy Protection Agency established a Data Broker Enforcement Strike Force back in November 2025, signaling serious intent to monitor compliance. Data brokers must implement sophisticated technical systems to automatically query DROP, match consumer identifiers using specific hashing algorithms, and delete all associated personal information—including data held by their service providers and contractors, detailed regulations show from December.
An end to spam?
DROP could dramatically reduce spam calls, texts, emails, and scam attempts while potentially cutting identity theft risks—but understanding the limitations might surprise you more than the benefits.
The platform’s primary goal involves reducing the amount of personal data circulating online and could help cut down on spam communications and fraud attempts. But here’s the twist: significant scope restrictions limit its effectiveness in ways most people don’t expect.
Companies can keep first-party data they’ve collected directly from users, meaning only brokers who buy or sell that data are required to delete it. Certain information remains completely exempt from deletion, including vehicle registration and voter records derived from public documents, as well as sensitive medical information covered under laws like HIPAA.
The system covers only California-registered data brokers, potentially missing national and international operators who haven’t registered with the state.
Despite these limitations, DROP represents the most ambitious consumer data protection initiative in U.S. history and could influence privacy infrastructure nationwide.
Even space agencies can’t escape gravity… especially when a hacker claims they’ve walked off with hundreds of gigabytes of internal data.
