FOLLOW US

Matt Schwartz, a policy analyst at Consumer Reports, explained, "This bill is multifunctional in the way it both sheds light on the industry and gives consumers a data deletion right that's usable."

California Raises Data Broker Regulation : Penalties for Non-Compliance

The Delete Act reinforces these obligations with substantial penalties. The California Privacy Protection Agency is expected to vigorously pursue violations, including daily fines of at least $200 for failing to adhere to registration requirements and $200 per deletion request for each day without data scrubbing. This framework elevates the risk for numerous covered companies.

California Raises Data Broker Regulation : The Road Ahead

Though the full implementation of the Delete Act is still years away, companies must start preparing now. Uncertainties linger about the universal deletion mechanism's operation, data collection after deletion requests, and identity verification.

As the effective date for deletion requirements approaches, the California Privacy Protection Agency is anticipated to dedicate more resources to data broker oversight. Companies outside of California should also monitor developments, as other states and federal lawmakers may follow suit.

U.S. Senator Ron Wyden, D-Ore., applauded California's initiative and hoped that it would inspire other states and Congress to empower consumers nationwide. Federal recommendations from the Federal Trade Commission in 2014 called for increased transparency and consumer control over data brokers.

While Texas and Oregon have introduced data broker registries, they lack data transparency, access, and deletion requirements. The Delete Act's proactive approach may prompt other states to take similar steps.

James Davisson from EPIC emphasized the need for a comprehensive privacy framework that emphasizes data minimization, suggesting that the new California law be incorporated into a broader privacy law with a robust data minimization framework.

In a rapidly evolving digital age, California's Delete Act stands as a beacon of consumer empowerment and privacy protection, setting a new standard for data broker regulation.