Drop Off the Face of the Earth: California Forces Data Brokers to Delete Your Data

If you have ever Googled yourself, you’ve probably had to face the uncomfortable idea that the internet contains multitudes of your personal information scattered all over it. But what if I told you that some companies casually own giant databases of your personal information and use it to turn a profit? No, I’m not joking. Let’s talk about what you can do about it.

You’ve probably heard of the term “data brokers.” These are companies that collect, store, and sell large amounts of people’s personal information from various data sources, including public records (such as the census and court records), websites (including cookies and browsing history), online activity (from social media), and other sources. After a profile of a person is done, it’ll be licensed or sold to other businesses for a variety of purposes, including targeted advertising, credit scoring, fraud prevention, and other marketing purposes. 

In other words, even if you’ve never interacted with a data broker directly, there’s a good chance they know a lot about you.

I’ve personally Googled myself many times, and I have to say, seeing my full name, academic background, professional history, old photos, email addresses, vague location data, and even some cringeworthy comments from years ago all in one place is more than unsettling. That information doesn’t just exist; it circulates. And until recently, opting out of that system was a confusing, time-consuming, and often impossible task. That’s where California’s new DROP system comes in.

Beginning in January 2026, under the Delete Act, California residents will be able to use a single tool – the Data Removal Opt-Out Platform (DROP) – to request that data brokers delete the personal information they hold. More than 500 data brokerage companies are expected to be subject to this requirement. Californians can already submit their first deletion request, and starting in August 2026, brokers will be legally required to process these requests every 45 days.

This is a significant shift in how personal data is treated in the U.S, even if it’s limited to one state. Instead of forcing individuals to hunt down dozens (or hundreds) of opt-out forms, DROP centralizes the process and puts the burden back on the companies profiting from personal data in the first place.

In my opinion, this new development is a two-way street. On the one hand, giving nearly 40 million Californians the ability to reclaim some control over their personal data is a genuine step forward for online privacy. It acknowledges that personal information shouldn’t be an unlimited resource for shadowy middlemen to exploit. It also sets a precedent, one that other states, or even federal regulators, may eventually feel pressured to follow.

On the other hand, the fact that this protection stops at California’s borders highlights just how fragmented data privacy still is. Tens of millions of people across the rest of the U.S. (not to mention users worldwide) remain fully exposed to the same data broker ecosystem, with little recourse beyond manual opt-outs or relying on companies to act in good faith.

Even regions with stronger privacy laws aren’t immune to this issue. The EU’s “right to be forgotten” offers more robust protections on paper, but in practice, it’s far from a guarantee of anonymity or safety online. Once data is collected, copied, resold, and redistributed, entirely erasing it becomes nearly impossible.

That’s why tools that limit data collection at the source still matter. Laws like the Delete Act address what happens after your data is already out there. Privacy-focused technologies (such as VPNs) help you reduce how much information you leak in the first place by masking IP addresses, limiting location tracking, and making passive data collection more difficult. They’re not a silver bullet, but they’re an essential layer of defense in an internet economy built on surveillance.

California’s DROP platform still won’t make you invisible online. But it does send a clear message: unrestricted data brokerage is no longer something people are expected to accept without question. Whether this becomes a blueprint for broader reform (or remains a state-level exception) will determine just how far this “drop” in the bucket can ripple outward.