← Back to Blog

California Just Made Deleting Your Data From 665+ Data Brokers a One-Click Process — Here's What You Need to Know

📅 2026-06-11 👤 CyberForget Team ⏱ 12 min read
Data Brokers Privacy California Delete Act FTC Regulation

California Just Made Deleting Your Data From 665+ Data Brokers a One-Click Process — Here's What You Need to Know

June 11, 2026

If you've ever tried to remove your personal information from the internet, you know the pain: one opt-out form per data broker, each demanding different verification steps, some requiring you to mail a physical letter, others ignoring your request entirely. Multiply that across hundreds of data brokers, and it's a full-time job.

That's changing — fast.

In a whirlwind 30-day stretch that privacy advocates are calling the most aggressive regulatory period in US data broker history, three major developments have reshaped the landscape:

1. California's one-click data deletion portal went live — allowing residents to delete their data from 665+ registered data brokers with a single request. 2. A bipartisan federal Data Broker Accountability Act was introduced — proposing a nationwide opt-out portal, registration mandates, and private right of action. 3. The FTC finalized a rule banning the sale of sensitive location data — with penalties of up to $50,000 per violation.

Here's what each of these changes means for your personal data — and what they don't do.


California's Delete Act: One Portal, 665+ Data Brokers, One Click

The California Delete Act (SB 362), signed into law in October 2023, was already the most ambitious state-level data broker legislation in the country. But its centerpiece — a centralized deletion portal — only became operational this year.

How it works

The California Privacy Protection Agency (CPPA) launched a web portal where California residents can submit a single verified deletion request. The CPPA then forwards that request to every data broker registered in the state. As of June 2026, 665 data brokers are on the registry — up from roughly 500 at the start of 2025.

During the pilot period from January to March 2026, the portal processed approximately 12,000 deletion requests with an average compliance rate of 78%. That means roughly 9 in 10 registered brokers honored the deletion within the mandated 45-day window.

What changed in June (SB 1125)

On June 10, 2026, Governor Newsom signed SB 1125, which closed a significant loophole. The original Delete Act only covered direct identifiers — your name, address, phone number, email. Data brokers argued that "inferences" about you — your likely income bracket, shopping preferences, health interests, political leanings — were not covered.

SB 1125 explicitly extends the deletion requirement to inferences and derived data. If a data broker has a profile that says "likely to vote Democrat," "interested in weight loss products," or "high credit risk," that profile must now be deleted alongside your contact information.

> Why this matters: The data broker industry generates $32.5 billion in annual revenue — and the most valuable products they sell are not your name and address, but the predictions and profiles built from them. This expansion targets the core of the business model.


The Data Broker Accountability Act: A Federal Framework

On June 9, 2026, Senators Maria Cantwell (D-WA) and Roger Wicker (R-MS) — the chair and ranking member of the Senate Commerce Committee — introduced the Data Broker Accountability Act (S. 1234) . With co-sponsors including Amy Klobuchar, Jerry Moran, Richard Blumenthal, and Marsha Blackburn, this is one of the most bipartisan privacy bills in recent memory.

What the bill would do

| Requirement | Details | |---|---| | Registration | All data brokers with >$5M revenue or handling data of >50K individuals must register with the FTC | | Annual audits | Independent third-party audits of data collection, use, and sharing practices | | National opt-out portal | An FTC-run "Do Not Sell" portal — one request, one place, nationwide | | Mandatory deletion | Brokers must delete your data within 30 days of a verified request | | Penalties | Up to $5,000 per violation per consumer per day; $10,000 for sensitive data | | Private right of action | You can sue violators for $1,000–$5,000 in statutory damages |

Where it stands

The bill has been referred to the Senate Commerce Committee, with a hearing scheduled for July 15, 2026. It's too early to predict passage, but the bipartisan sponsorship — and the 87% public support for federal privacy legislation, per a recent Pew poll — gives it real momentum.

How it compares to California's model

California's Delete Act is more aggressive on some fronts (it doesn't exempt smaller brokers and requires deletion of inferences), while the federal bill would create a uniform national standard — a critical issue for businesses that currently have to navigate a patchwork of state laws.

> Our take at CyberForget: A federal registry with a national opt-out portal would be transformative. Currently, no comprehensive federal list of data brokers exists. We rely on crowd-sourced research and public records to track the 4,000–5,500 data brokers operating globally. A mandatory federal registry would pull the industry out of the shadows.


FTC Sensitive Location Data Rule: The First Federal Data Broker Ban

On May 12, 2026, the FTC finalized a rule that goes further than any previous federal action against data brokers: a complete ban on selling or transferring sensitive location data.

What's covered

The rule prohibits data brokers from selling or transferring location data within 500 meters of:

Penalties

Violations carry fines up to $50,000 per consumer device per day, with potential treble damages for willful violations. The FTC has stated it will begin vigorous enforcement on September 12, 2026.

This rule stems directly from the 2022 Supreme Court decision in *Dobbs v. Jackson Women's Health Organization*, after which reports emerged of data brokers selling location data that could be used to identify visitors to reproductive health clinics. The FTC received over 12,000 public comments on the proposed rule before finalizing it.

What it doesn't cover

The rule only covers location data. It doesn't address the broader data broker industry — purchases of health data, financial profiles, browsing history, social media data, or the thousands of other data points that brokers collect, package, and sell.


The State-by-State Patchwork

While California and the federal government grab headlines, a growing number of states have enacted their own data broker laws:

| State | Law | Effective | Key Feature | |---|---|---|---| | Vermont | Data Broker Registration Act | 2018 | First state registry; ~150 brokers | | California | Delete Act + SB 1125 | 2024 / 2026 | One-click deletion; most comprehensive | | Texas | TX Data Privacy & Security Act | July 2025 | Registration + opt-out; ~200 brokers | | Oregon | OR Consumer Privacy Act | July 2024 | Registration + opt-out; ~110 brokers | | Colorado | Colorado Privacy Act | July 2023 | Registration + opt-out; ~90 brokers | | Connecticut | CT Data Privacy Act | July 2023 | Registration + opt-out; ~70 brokers | | Washington | My Health My Data Act | 2023 / 2025 | Health-specific broker regulation |

Bills are pending in New York, Arizona, Florida, Illinois, Maryland, Massachusetts, Michigan, New Jersey, North Carolina, Ohio, and Pennsylvania.


The $32.5 Billion Reality Check

For all this regulatory activity, it's important to understand the scale of what we're up against:

The industry is vast, opaque, and growing faster than regulation can keep up.


What California's Delete Act Portal Doesn't Solve

The Delete Act portal is a genuine win for privacy. But it has real limitations:

1. California residents only. If you don't live in California, the portal doesn't apply to you — even if California-based data brokers hold your data.

2. 665 brokers registered ≠ 665 brokers deleted. Only 78% of deletion requests were honored during the pilot. And the law only covers brokers registered in California — many smaller or foreign data brokers are not registered.

3. One-time deletion. Removing your data once doesn't prevent brokers from re-collecting it from public records, other data brokers, or data aggregators. Continuous monitoring is essential.

4. It doesn't remove your data from people-search sites. While many people-search sites like Spokeo, Whitepages, and PeopleFinder qualify as data brokers under California law, the portal only requests deletion — it doesn't verify compliance. Many sites silently re-list data after the 45-day window.


How to Protect Yourself: A Practical Guide

Whether you live in California or not, here's what you should be doing to remove your personal information from the internet:

Step 1: Use California's portal (if you're a resident)

Visit the CPPA data broker portal and submit your deletion request. It takes about 10 minutes with a valid ID.

Step 2: Opt out of the biggest people-search sites

Even with a deletion portal, the biggest data aggregators need direct opt-outs. Start with these:

Step 3: Monitor for re-appearance

Data re-appears — it's not a one-and-done process. You need quarterly re-checks. This is the single most underestimated part of data removal.

Step 4: Consider a professional removal service

Manual opt-out from hundreds of data brokers takes dozens of hours per year. Services like CyberForget automate the process — handling opt-out requests, monitoring for re-appearance, and re-submitting deletion requests on a recurring basis.

We currently cover 400+ data broker and people-search sites, with new sites added as we discover them. Our system verifies each removal and alerts you if your data re-appears.

Step 5: Lock down new data collection


The Bottom Line

June 2026 is a watershed moment for data privacy regulation in the United States. California's one-click deletion portal, the proposed Data Broker Accountability Act, and the FTC's location data rule represent the most aggressive regulatory push against the data broker industry in history.

But regulation alone won't solve the problem. The data broker industry is too large, too opaque, and too profitable. Even a perfect federal law — which we don't have yet — would take years to fully implement. And data brokers have proven remarkably adept at finding loopholes, fighting compliance, and continuing to collect and sell data.

The most effective approach combines three things:

1. Regulatory pressure — support laws like the Delete Act and the Data Broker Accountability Act 2. Personal action — opt out of data broker sites and monitor for re-appearance 3. Automated services — use a professional removal service to handle the ongoing effort at scale

At CyberForget, we've spent years building the infrastructure to fight data brokers on your behalf — because you shouldn't have to spend your life opting out of data collection you never agreed to in the first place.


Frequently Asked Questions

Does the California Delete Act work for non-residents?

No. The CPPA portal only processes requests from California residents. If you live in another state, you'll need to opt out manually or use a service like CyberForget.

How long does it take for data to be deleted?

Data brokers have 45 days to comply under the Delete Act. The federal Data Broker Accountability Act proposes a 30-day timeline. In practice, many brokers delete within 7–14 days for automated portals.

Do I need to re-submit deletion requests?

Yes. Data brokers can re-collect your information from public records (property records, voter registration, business licenses) and data resellers. You should re-check every 3–6 months.

What's the difference between a data broker and a people-search site?

Legally, many people-search sites like Spokeo and Whitepages *are* data brokers — they collect and sell personal information. For practical purposes, the distinction doesn't matter: you want your data removed from both.

Will the federal Data Broker Accountability Act pass?

It's too early to say. The bipartisan sponsorship is encouraging, and public support for privacy legislation is at an all-time high (87%). But the bill has only just been introduced, and it faces a crowded Senate calendar and likely industry opposition.

Is CyberForget registered with California as a data broker?

CyberForget is a data broker removal service — we help consumers *remove* their data from data brokers. We do not collect, sell, or share personal data. We do not meet the definition of a data broker under California law.


*Want to see which data brokers are currently holding your personal information? Start a free scan at CyberForget.com →*

*Updated June 11, 2026. This article is for informational purposes and does not constitute legal advice. Laws and regulations may change; consult a qualified professional for advice specific to your situation.*

Take Control of Your Data

Ready to remove your personal information from data broker sites? CyberForget automates the entire process.

Start Free Scan →
← Browse All Blog Posts

CyberForget — Automate data broker removal and protect your privacy.