Guide
California DELETE Act: What It Means for Your Privacy
The California DELETE Act (SB 362) creates the Data Broker Registration and Erasure Platform, known as DROP. Starting August 2026, California residents will be able to submit a single deletion request that applies to all registered data brokers. Here is what this means practically.
No service can guarantee complete removal of personal information from the internet. Opt-out paths, timelines, and relisting behavior vary by source.
What the DELETE Act changes
Currently, opting out of data brokers means visiting each site individually and completing separate request flows. The DELETE Act creates a centralized registry where California residents can submit one request that covered brokers must honor. Brokers face penalties of $200 per day per unprocessed request.
Timeline and current status
The law was signed in 2023. Consumer access to the DROP portal is expected by mid-2026, with mandatory broker compliance by August 1, 2026. The California Privacy Protection Agency oversees enforcement. API sandbox access is becoming available now for services that want to integrate.
What it does not solve
The DELETE Act applies to registered data brokers in California. Not all data sources qualify as brokers under the law, and compliance enforcement is still developing. The law does not cover out-of-state sites that fall outside California jurisdiction, and it does not prevent new data from entering broker systems.
How DeleteMyTrace prepares for DROP
We are building integration with the DROP registry as it becomes available. In the meantime, DeleteMyTrace checks 8 data broker sources directly. Our long-term value is verification: DROP tells brokers to delete, but nobody independently checks whether they actually did. That is where our scanning and monitoring system adds a layer that the registry alone cannot provide.