Reclaiming your digital privacy is getting easier in California. The state has launched a free tool that simplifies the opt-out process, and requires over 500 registered data brokers to wipe your personal records from their databases.
The Delete Request and Opt-out Platform (DROP), which launched on Thursday, “is the first of its kind,” says the California Privacy Protect Agency. “It allows consumers to request the deletion of their data from over 500 data brokers—all in one request.”
(Credit: DROP)
The tool tackles the legal data broker business, where companies collect publicly available information about people (though sometimes it’s more sensitive), and sell it to third parties, including people-finding sites and background check services.
The data brokers usually offer an opt-out for consumers. The problem is that to thoroughly protect your privacy, you’ll need to manually contact dozens or even hundreds of data brokers and complete their opt-out forms, a huge hassle for users.
In 2023, California passed the Delete Act, which required the state to create an easy-to-use tool by Jan. 1, 2026, to streamline the deletion process “through a single verifiable consumer request.”
“After years of planning and development, it is finally ready to launch,” the California Privacy Protection Agency (CPPC) wrote in a blog post last month. The law requires all 543 registered data brokers in the state to start fulfilling the data deletion requests by Aug. 1.
There are a number of data-removal services that will wipe your data for you, for a fee.
The tool arrives on top of several paid services that can also help you scrub your personal information from the internet, but for a fee. The CPPC hopes the new site will help users fight spam and robocalls while preventing potential identity theft and fraud.
However, the DROP site is currently facing a technical issue. Using the site requires you to submit a phone number or email address to receive an authentication code. But as of Friday, the site posts a “504” error when it tries to send authentication codes.
Recommended by Our Editors
DROP site error (Credit: auth.cdt.ca.gov)
“We are actively working on the issue,” the CPPC tells us, so a fix should be inbound.
The DROP site also requires you to provide your name, physical address, and birth date to confirm your California residency. This same information must be submitted to the registered data brokers to initiate the deletion process. Still, the DROP site says: “The California Identity Gateway only asks for the information needed to verify your identity and program eligibility. We don’t store your information.” (You can also register for access through the federal Login.gov if they have an account there.)
The other downside is that DROP only works for California residents. The state’s privacy protection agency notes that only three other states—Oregon, Texas, and Vermont—require data brokers to register. It’s why privacy advocates have been urging Congress to pass a federal law to rein in data brokers with stronger controls nationwide.
Get Our Best Stories!
Stay Safe With the Latest Security News and Updates
By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy
Policy.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
About Our Expert
Michael Kan
Senior Reporter
Experience
I’ve been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I’m currently based in San Francisco, but previously spent over five years in China, covering the country’s technology sector.
Since 2020, I’ve covered the launch and explosive growth of SpaceX’s Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I’ve combed through FCC filings for the latest news and driven to remote corners of California to test Starlink’s cellular service.
I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. Earlier this year, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.
I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I’m now following how President Trump’s tariffs will affect the industry. I’m always eager to learn more, so please jump in the comments with feedback and send me tips.
Read Full Bio
