If you are a resident of California, the state now has a portal where you can demand deletion of your personal data from 500+ registered data brokers with a single request form, for free.
https://hachyderm.io/@evacide/115823137786391729
Note: aside from this thread, there is also further discussion in the linked Mastodon toot.
Well, I put in a bunch of personal info and then it rejected two 2FA codes that it sent to my phone so I couldn’t submit at the end. Sigh.
Anyone used it yet?
Each time you use DROP, you must use the same method to verify you’re a California resident. Example: If you used Login.gov, then you must always use Login.gov.
Does it make a difference which verification you use? Can you “unsubscribe” multiple names/addresses? For example those with nicknames (William/Bill) or married names, and those who have moved around quite a lot?
Good job California! You’re making some positive moves!
Here’s how it’s gonna go:
Government of california: “delete this”
Company: no
Gov: okay well here’s a fine for $200 million, don’t do it again
Company: that’s fine, we made $1.8 billion with the data, this is just the cost of doing business
repeats next year but with a sternly worded letter
Prove me wrong, California. Break companies out of existence when they break the law. Don’t just slap them on the wrist with a fine.
Fine them $1 million per day per person who still has data on their site if they submitted the form.
Really, these types of services need to be opt-in instead of opt-out.
They need to not exist.
I appreciate your cynicism, but I’m not personally inclined towards it. I think what it will ultimately boil down to, which you alluded to, is how the law is enforced. If they get fined as a first measure but then get taken to court for a second failure by California’s attorney general and get subsequently bankrupted, it might stand as an example to others.
Or maybe they’ll still say the potential risk is still worth it. I dunno. We’ll just have to see how this goes, but it’s still better than the current options, which are:
- Trying to navigate deleting your own data, staying on top of it, and hoping they’re actually deleting things.
- Paying a private company to do it and hope they’re not just pocketing your money.
- Doing nothing and getting butt-fucked by surveillance capitalism.
None of those are great, so I’m hopeful this is the start of something better.
Earlier in the year I read an article claiming that something like 40% of the data brokers doing business here (ie collecting data on California citizens) don’t comply with elements of existing law, such as registering with the CA secretary of state. So the author wasn’t bullish on the idea that they’d suddenly start just because there’s a new law. They are sayign the AG will aggressively pursue violators, but we’ll see.
If nothing else, we’ll have one more data store to get hacked.
FYI the terms say brokers don’t have to comply until August 2026, so it may take a while to see a difference
I believe it’s 90 days after August 2026.
So functionally 2027
Damn it cuts the connection to the site when I switch to my email app to confirm. Here’s to hoping I remember to do this tomorrow!
Did you do it?
“What about the other 1000+?”
“Well, it’s a start.”
Most of the “500+” will simply ignore their legal requirements and eat the fine.
But some won’t.
So it’s better than continuing to do nothing, it’s at least vocally (legally) saying they aren’t cool with it.
deleted by creator
Atta’boy…
