TL;DR: California launches the Delete Request and Opt-Out Platform (DROP) on January 1, 2026. Submit one request, and every registered data broker must delete your information. Data brokers must check DROP every 45 days and comply. CalPrivacy is already fining companies that try to dodge registration. ROR Partners just got hit with $56,600 for building profiles on 262 million Americans without registering. This is the most powerful data deletion tool in the US.

Finally: One Button to Delete Them All

Right now, getting your data deleted from data brokers means hunting down dozens of companies, each with different opt-out processes, each hoping you'll give up. It's designed to be exhausting.

On January 1, 2026, California changes that.

The Delete Request and Opt-Out Platform (DROP) lets California residents submit a single deletion request. Every registered data broker must check DROP at least every 45 days and process your request. One form. Hundreds of brokers. Done.

This is the Delete Act in action: California's 2023 law that required the state to build this tool. It took two years, but it's coming.

How DROP Works

Here's the process:

  1. Visit the CalPrivacy DROP website (launching January 1, 2026)
  2. Verify your California residency
  3. Submit your deletion request
  4. Data brokers must retrieve and process requests within 45 days
  5. CalPrivacy enforces compliance

Data brokers must register with California annually each January and pay registration fees. Those fees fund DROP's operation. The brokers literally pay for the tool that lets you opt out of their surveillance.

There's a catch: you need to be a California resident. But given that California is 12% of the US population, companies often just apply California standards nationally. Your state might benefit even if you can't use DROP directly.

CalPrivacy Is Already Cracking Down

The California Privacy Protection Agency (CalPrivacy) isn't waiting for DROP to start enforcement. The Data Broker Enforcement Strike Force is already hunting companies that dodge registration.

ROR Partners LLC got hit on December 3, 2025. The Nevada-based marketing firm compiled "billions of data points" to build profiles on over 262 million Americans. They used demographic, socioeconomic, and behavioral data to make inferences about consumer habits, like identifying fitness enthusiasts for gym ads.

The fine: $56,600 in penalties and past-due fees for failing to register as a data broker.

CalPrivacy's message was blunt: "A sale is a sale." Companies can't dodge privacy requirements by bundling personal information into larger service packages or calling themselves something other than "data brokers."

Background Alert, a people-search site built on billions of public records, tried a similar dodge. They marketed their ability to reveal a "scary" amount of information about anyone. CalPrivacy treated their public records aggregation as regulated data processing and forced them to shut down data-broker operations through 2028.

The End of the "Public Data" Excuse

Data brokers have long claimed that public records aren't really "personal data." Property records, court filings, voter registrations, all public, so fair game to compile, sell, and profit from.

California drew a line. When a data broker turns public records into a searchable profile, that profile becomes subject to privacy law. Scraping public data doesn't make you immune from regulation.

This matters because people-search sites like Spokeo, BeenVerified, and WhitePages build detailed profiles from exactly this kind of data. Your address history, relatives' names, estimated income, court records, all combined into one searchable package, sold to anyone who pays.

Under DROP, you'll be able to request deletion from all of them at once.

What You Can Do

If You're a California Resident

Mark your calendar for January 1, 2026. Visit the CalPrivacy DROP portal as soon as it launches. Submit your deletion request. Set a reminder to re-submit periodically. New data brokers register all the time, and your data keeps getting collected.

If You're Not in California

Use existing opt-out tools like DeleteMe or manually opt out from major brokers. Push your state legislators to pass similar laws. Texas and Oregon have data broker registries but no unified deletion portal yet. California is the model.

Right Now: Start Opting Out

Don't wait for DROP. Major data brokers have opt-out pages today. Start with the big ones: Spokeo, BeenVerified, WhitePages, Intelius, PeopleFinder. Check our opt-out guides for step-by-step instructions. Every deletion now is one less profile to deal with later.

California Writes the Rules

The data broker industry fought the Delete Act. They lost. Now they're paying registration fees to fund a tool that undermines their business model.

DROP won't solve everything. Data brokers will find new ways to collect information. Some will try to dodge registration. Enforcement will be imperfect. But for the first time, the burden shifts. Instead of consumers chasing dozens of companies, companies have to respond to one portal.

Other states are watching. If DROP works, expect similar tools in New York, Washington, and other privacy-forward states. California often writes the privacy rules that the rest of the country eventually follows.

January 1, 2026. Put it on your calendar.

References

  1. CalPrivacy - CalPrivacy Fines Marketing Firm for Selling Custom Audiences Without Data Broker Registration (December 3, 2025)
  2. CalPrivacy - Enforcement Advisory Highlighting Data Broker Registration (December 17, 2025)
  3. mePrism - Privacy Pulse December 2025: The End of the "Public Data" Excuse
  4. Electronic Frontier Foundation - Data Brokers Are Ignoring Privacy Law. We Deserve Better (August 2025)
  5. IAPP - Retrospective: 2025 in state data privacy law
  6. Frankfurt Kurnit - California Privacy Regulators Fine ROR Partners for Unregistered Data Broker Activity