June 11, 2026
If you've ever tried to remove your personal information from the internet, you know the pain: one opt-out form per data broker, each demanding different verification steps, some requiring you to mail a physical letter, others ignoring your request entirely. Multiply that across hundreds of data brokers, and it's a full-time job.
That's changing — fast.
In a whirlwind 30-day stretch that privacy advocates are calling the most aggressive regulatory period in US data broker history, three major developments have reshaped the landscape:
1. California's one-click data deletion portal went live — allowing residents to delete their data from 665+ registered data brokers with a single request. 2. A bipartisan federal Data Broker Accountability Act was introduced — proposing a nationwide opt-out portal, registration mandates, and private right of action. 3. The FTC finalized a rule banning the sale of sensitive location data — with penalties of up to $50,000 per violation.
Here's what each of these changes means for your personal data — and what they don't do.
The California Delete Act (SB 362), signed into law in October 2023, was already the most ambitious state-level data broker legislation in the country. But its centerpiece — a centralized deletion portal — only became operational this year.
The California Privacy Protection Agency (CPPA) launched a web portal where California residents can submit a single verified deletion request. The CPPA then forwards that request to every data broker registered in the state. As of June 2026, 665 data brokers are on the registry — up from roughly 500 at the start of 2025.
During the pilot period from January to March 2026, the portal processed approximately 12,000 deletion requests with an average compliance rate of 78%. That means roughly 9 in 10 registered brokers honored the deletion within the mandated 45-day window.
On June 10, 2026, Governor Newsom signed SB 1125, which closed a significant loophole. The original Delete Act only covered direct identifiers — your name, address, phone number, email. Data brokers argued that "inferences" about you — your likely income bracket, shopping preferences, health interests, political leanings — were not covered.
SB 1125 explicitly extends the deletion requirement to inferences and derived data. If a data broker has a profile that says "likely to vote Democrat," "interested in weight loss products," or "high credit risk," that profile must now be deleted alongside your contact information.
> Why this matters: The data broker industry generates $32.5 billion in annual revenue — and the most valuable products they sell are not your name and address, but the predictions and profiles built from them. This expansion targets the core of the business model.
On June 9, 2026, Senators Maria Cantwell (D-WA) and Roger Wicker (R-MS) — the chair and ranking member of the Senate Commerce Committee — introduced the Data Broker Accountability Act (S. 1234) . With co-sponsors including Amy Klobuchar, Jerry Moran, Richard Blumenthal, and Marsha Blackburn, this is one of the most bipartisan privacy bills in recent memory.
| Requirement | Details | |---|---| | Registration | All data brokers with >$5M revenue or handling data of >50K individuals must register with the FTC | | Annual audits | Independent third-party audits of data collection, use, and sharing practices | | National opt-out portal | An FTC-run "Do Not Sell" portal — one request, one place, nationwide | | Mandatory deletion | Brokers must delete your data within 30 days of a verified request | | Penalties | Up to $5,000 per violation per consumer per day; $10,000 for sensitive data | | Private right of action | You can sue violators for $1,000–$5,000 in statutory damages |
The bill has been referred to the Senate Commerce Committee, with a hearing scheduled for July 15, 2026. It's too early to predict passage, but the bipartisan sponsorship — and the 87% public support for federal privacy legislation, per a recent Pew poll — gives it real momentum.
California's Delete Act is more aggressive on some fronts (it doesn't exempt smaller brokers and requires deletion of inferences), while the federal bill would create a uniform national standard — a critical issue for businesses that currently have to navigate a patchwork of state laws.
> Our take at CyberForget: A federal registry with a national opt-out portal would be transformative. Currently, no comprehensive federal list of data brokers exists. We rely on crowd-sourced research and public records to track the 4,000–5,500 data brokers operating globally. A mandatory federal registry would pull the industry out of the shadows.
On May 12, 2026, the FTC finalized a rule that goes further than any previous federal action against data brokers: a complete ban on selling or transferring sensitive location data.
The rule prohibits data brokers from selling or transferring location data within 500 meters of:
Violations carry fines up to $50,000 per consumer device per day, with potential treble damages for willful violations. The FTC has stated it will begin vigorous enforcement on September 12, 2026.
This rule stems directly from the 2022 Supreme Court decision in *Dobbs v. Jackson Women's Health Organization*, after which reports emerged of data brokers selling location data that could be used to identify visitors to reproductive health clinics. The FTC received over 12,000 public comments on the proposed rule before finalizing it.
The rule only covers location data. It doesn't address the broader data broker industry — purchases of health data, financial profiles, browsing history, social media data, or the thousands of other data points that brokers collect, package, and sell.
While California and the federal government grab headlines, a growing number of states have enacted their own data broker laws:
| State | Law | Effective | Key Feature | |---|---|---|---| | Vermont | Data Broker Registration Act | 2018 | First state registry; ~150 brokers | | California | Delete Act + SB 1125 | 2024 / 2026 | One-click deletion; most comprehensive | | Texas | TX Data Privacy & Security Act | July 2025 | Registration + opt-out; ~200 brokers | | Oregon | OR Consumer Privacy Act | July 2024 | Registration + opt-out; ~110 brokers | | Colorado | Colorado Privacy Act | July 2023 | Registration + opt-out; ~90 brokers | | Connecticut | CT Data Privacy Act | July 2023 | Registration + opt-out; ~70 brokers | | Washington | My Health My Data Act | 2023 / 2025 | Health-specific broker regulation |
Bills are pending in New York, Arizona, Florida, Illinois, Maryland, Massachusetts, Michigan, New Jersey, North Carolina, Ohio, and Pennsylvania.
For all this regulatory activity, it's important to understand the scale of what we're up against:
The industry is vast, opaque, and growing faster than regulation can keep up.
The Delete Act portal is a genuine win for privacy. But it has real limitations:
1. California residents only. If you don't live in California, the portal doesn't apply to you — even if California-based data brokers hold your data.
2. 665 brokers registered ≠ 665 brokers deleted. Only 78% of deletion requests were honored during the pilot. And the law only covers brokers registered in California — many smaller or foreign data brokers are not registered.
3. One-time deletion. Removing your data once doesn't prevent brokers from re-collecting it from public records, other data brokers, or data aggregators. Continuous monitoring is essential.
4. It doesn't remove your data from people-search sites. While many people-search sites like Spokeo, Whitepages, and PeopleFinder qualify as data brokers under California law, the portal only requests deletion — it doesn't verify compliance. Many sites silently re-list data after the 45-day window.
Whether you live in California or not, here's what you should be doing to remove your personal information from the internet:
We currently cover 400+ data broker and people-search sites, with new sites added as we discover them. Our system verifies each removal and alerts you if your data re-appears.
June 2026 is a watershed moment for data privacy regulation in the United States. California's one-click deletion portal, the proposed Data Broker Accountability Act, and the FTC's location data rule represent the most aggressive regulatory push against the data broker industry in history.
But regulation alone won't solve the problem. The data broker industry is too large, too opaque, and too profitable. Even a perfect federal law — which we don't have yet — would take years to fully implement. And data brokers have proven remarkably adept at finding loopholes, fighting compliance, and continuing to collect and sell data.
The most effective approach combines three things:
1. Regulatory pressure — support laws like the Delete Act and the Data Broker Accountability Act 2. Personal action — opt out of data broker sites and monitor for re-appearance 3. Automated services — use a professional removal service to handle the ongoing effort at scale
At CyberForget, we've spent years building the infrastructure to fight data brokers on your behalf — because you shouldn't have to spend your life opting out of data collection you never agreed to in the first place.
*Want to see which data brokers are currently holding your personal information? Start a free scan at CyberForget.com →*
*Updated June 11, 2026. This article is for informational purposes and does not constitute legal advice. Laws and regulations may change; consult a qualified professional for advice specific to your situation.*
Ready to remove your personal information from data broker sites? CyberForget automates the entire process.
Start Free Scan →CyberForget — Automate data broker removal and protect your privacy.