
On October 10, 2023, Governor Gavin Newsom signed into law the California Delete Act, which imposes new requirements on “data brokers.” Because of the California law’s broad definition of the term “data broker,” the law will apply to many businesses that would not typically think of themselves as engaged in buying and selling data. The Delete Act will require such “data brokers” to make new disclosures and, beginning in 2026, respond to bulk deletion requests submitted via a mechanism established by the California Privacy Protection Agency (CPPA), which is likely to prove onerous. Unlike current deletion requests, which are sent on a one-off basis to specific businesses, the Delete Act will require these requests to be honored by all businesses registered with the CPPA as a data broker simultaneously. As a result, data brokers will see a significant increase in the volume of such requests they are required to process. Additionally, beginning in 2028, data brokers will be required to undergo costly third-party compliance audits.
Continue Reading California Adopts “Delete Act”: New Requirements for Data Brokers