The bill directs the California Privacy Protection Agency (CPPA) to create and operate an accessible deletion mechanism that lets a consumer submit one verifiable request to remove personal information from data brokers and their service providers. It requires the mechanism to be multilingual and disability-accessible, to permit authorized agents, and to provide status verification and explanatory materials.
The law adds heightened protections for elected officials, judges, and their immediate family by allowing threat-identification letters and a separate verified deletion pathway; it obligates data brokers to process deletion requests, run periodic deletion cycles, undergo independent audits, and permits the CPPA to charge data brokers an access fee deposited into a dedicated fund.
At a Glance
What It Does
The bill establishes a centralized CPPA-operated deletion portal consumers can use once to request deletion across registered data brokers, and it requires brokers to act on requests and coordinate deletions with their contractors. It also creates a special verified pathway for public officials and judges who provide a threat-identification letter.
Who It Affects
Registered data brokers and their service providers, the California Privacy Protection Agency (as operator and regulator), consumers who want broad deletion of brokered data, and public officials/judges and their immediate family who can request heightened protections.
Why It Matters
This creates a single technical and regulatory point for large-scale deletion requests where previously consumers had to contact brokers individually, codifies a safety route for public figures, and imposes compliance, audit, and reporting obligations that shift operational burdens onto brokers.
What This Bill Actually Does
The bill charges the California Privacy Protection Agency with building and operating an online deletion tool that centralizes deletion requests from consumers to data brokers. The CPPA must implement reasonable security controls, provide multiple privacy-protecting submission methods, and ensure the tool is available in the languages of affected consumers and accessible to people with disabilities.
The mechanism must let consumers submit one verifiable request to delete all brokered personal information, allow consumers to exclude particular brokers from that request, permit authorized agents to act on a consumer’s behalf, and give users a way to check request status.
Once the portal is live, registered data brokers must query that portal regularly and process deletion instructions. The bill requires brokers to check the mechanism at least once every 45 days and to complete deletion actions within 45 days of receiving a request.
If a broker cannot verify the requester’s identity, the bill instructs the broker to treat the submission as an opt-out of sale or sharing under California’s privacy statutes rather than simply ignoring it. Brokers must also instruct service providers and contractors to delete or to process opt-outs in the same way.
The law sets carve-outs and limits: brokers need not delete information that must be retained to satisfy statutory and regulatory exceptions (for example, the purposes listed in Section 1798.105(d) and retention rules under Sections 1798.145–1798.146), but any retained personal information is limited to those purposes and may not be used for marketing.
After a deletion, brokers must run deletion cycles at least every 45 days and may not sell or share newly acquired personal information about the deleted consumer unless the consumer requests it or another statutory exception applies.
For public-safety concerns, the CPPA must add, by a statute-specified date, an option for users to identify as elected officials, judges, or immediate family and to submit a threat identification letter; the agency must supply a model letter. Upon receipt of a verified request accompanied by such a letter, brokers are required to remove protected information about the individual and to stop selling or sharing that information unless the individual later directs otherwise.
The bill also requires independent third-party audits of brokers every three years, retention of audit reports for six years, and prompt submission of audit materials to the CPPA on request. Finally, the CPPA may charge data brokers an access fee to use the portal; fees must be limited to reasonable costs and go into a Data Brokers’ Registry Fund.
The Five Things You Need to Know
The CPPA must provide the central deletion mechanism and support privacy-protecting submission methods, multilingual interfaces, accessibility, authorized agents, and request-status verification.
Data brokers are required to access the CPPA mechanism at least once every 45 days and complete deletions within 45 days of receiving a verifiable request.
If a broker cannot verify a deletion request, it must process the submission as an opt-out of sale or sharing under Section 1798.120, subject to limits in Sections 1798.105, 1798.145, and 1798.146.
Starting January 1, 2028, data brokers must delete protected information for verified requests from elected officials, judges, or immediate family members that include a threat identification letter; CPPA will provide a model letter.
Brokers must undergo independent third‑party audits every three years, keep audit reports six years, submit audit materials to CPPA within five business days of request, and may be charged a CPPA access fee deposited into the Data Brokers’ Registry Fund.
Section-by-Section Breakdown
CPPA must build an accessible deletion mechanism
This subsection directs the California Privacy Protection Agency to design and operate the central portal and sets baseline security obligations — administrative, physical, and technical safeguards — appropriate to the nature of the data. It also specifies high-level capabilities: single verifiable consumer requests that reach all data brokers, the ability to exclude brokers, and an option to alter a prior request after a fixed waiting period. Practically, this forces the CPPA to produce an operational service (not just guidance) that supports mass coordination between consumers and registered brokers.
Functional requirements: multilingual, accessible, and privacy-protecting inputs
This block lists concrete UX and privacy requirements: consumers must be able to submit deletion requests through multiple secure, privacy-respecting channels; the portal must operate over an internet service provided by CPPA and remain free to consumers; it must be available in the languages of affected consumers and meet accessibility standards for disabilities. It also limits what brokers can learn when they check the portal — they should only be able to confirm a verifiable request exists, not harvest extra personal data from the portal itself — which reduces privacy leakage at the verification step.
Broker obligations: regular checks, deletion timelines, and retention exceptions
These provisions spell out broker behavior: brokers must poll the CPPA mechanism on a recurring schedule and act on deletions within 45 days. If verification fails, brokers must apply opt-out controls under existing sale/sharing rules. The text preserves narrow statutory exceptions where retention is ‘reasonably necessary’ (referencing Section 1798.105(d)) and where deletion is limited by Sections 1798.145 and 1798.146, but it constrains retained data to those purposes and prohibits repurposing for marketing. The statute also mandates that, after a deletion, brokers run regular deletion cycles and refrain from selling or sharing any newly obtained personal information about the same consumer unless permitted or requested by the consumer.
Special pathway for elected officials, judges, and family members
The bill requires a later update to the portal that lets a user identify as an elected official, judge, or immediate family member and provide a threat identification letter. The CPPA must create a model letter. Once a verified request accompanied by such a letter is received, brokers have to delete all protected information about that individual and refrain from selling or sharing it, unless the individual later authorizes otherwise. The provision is a procedural safety valve intended to protect high‑risk public figures from doxxing and threats, but it also creates a verified-exception workflow that brokers and CPPA must design.
Audits, recordkeeping, and CPPA access fees
Data brokers must commission independent third-party audits every three years to assess compliance and retain audit reports and related materials for six years. Brokers must produce audit materials to the CPPA within five business days of a written request. The CPPA may charge brokers a fee for accessing the central mechanism to cover reasonable costs, and collected fees go into a Data Brokers’ Registry Fund. These provisions impose recurring operational and compliance costs on brokers and create a revenue stream to support the CPPA’s work.
Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Consumers seeking broad deletion: Individuals gain a single, centralized route to request deletion across multiple registered data brokers, reducing the time and technical know‑how previously required to hunt down brokers and submit separate requests.
- Elected officials, judges, and immediate family members: The bill creates a verified threat pathway and a model letter that can quickly trigger removal of sensitive information and block subsequent sale or sharing, addressing acute safety risks for public-facing figures.
- Privacy and safety advocates: The mechanism institutionalizes a scalable deletion process and creates enforceable audit and retention rules that advocates can use to hold brokers accountable.
- CPPA and state enforcement: The agency gains a central tool to coordinate compliance, obtain audit materials quickly, and fund operations via access fees, increasing regulatory leverage.
Who Bears the Cost
- Data brokers and their service providers/contractors: Brokers must implement processes to poll the portal, verify requests, perform deletions within prescribed timelines, instruct contractors to delete data, and pay for independent audits — all of which increase operational and compliance costs.
- CPPA (implementation and maintenance): The agency must build, secure, and operate a robust multilingual, accessible portal and manage audit intake and fee administration — responsibilities that require staffing and technical resources despite fee authority.
- Third‑party auditors: Independent auditors will see demand for compliance audits every three years and must maintain records for six years, creating ongoing business but also workload and liability exposure.
- Consumers and authorized agents (verification burden): Individuals who want complete deletion will need to submit verifiable requests and, for public-official protection, credible threat documentation, which shifts some effort and privacy risk to requesters.
Key Issues
The Core Tension
The central dilemma is between expanding robust, fast deletion and safety pathways for individuals (especially public figures) and preserving legitimate retention and verification practices for businesses and public purposes: enabling rapid deletion and low-friction requests risks fraud, verification difficulties, and operational fragmentation, while tight verification and retention exceptions preserve business and legal uses of data but undermine the bill’s promise of broad, reliable deletion.
The bill tries to thread difficult operational and legal needles. Requiring brokers to delete data within 45 days and to poll a central mechanism creates a predictable cadence for removal, but it presumes uniform technical integration and harmonized identity-verification practices across a heterogeneous industry.
Translating a single verifiable request into consistent deletions across brokers, downstream processors, and archival/back-up systems will be technically and contractually complex. The statute carves out retention where “reasonably necessary” or where other statutes limit deletion, but those cross-references (Sections 1798.105(d), 1798.145, 1798.146) leave open interpretation fights about what qualifies as a legitimate exception and how long data may be kept.
The public-official pathway raises implementation questions as well. The requirement for a threat identification letter and a model form aims to curb frivolous claims, but the bill does not specify standards for verifying threat validity or penalties for false submissions.
That ambiguity could produce uneven adjudication by brokers, create incentives to over‑broadly accept claims for safety, or lead to litigation over erroneous denials. Finally, the fee model shifts some of CPPA’s operational costs to data brokers, but it risks underfunding if fees are capped to “reasonable costs” and the portal demands scale and constant modernization; conversely, excessive fees could be passed downstream in ways that affect consumers or smaller brokers.