Haven’t really thought this through and I’m not a policy wonk… just spitballin’.
Why is this better than requiring deletion?
An act which mandated deletion in all cases for data once business needs are addressed (often 30--90 days for much data), might address your question. But the Delete Act isn't that.
Perhaps. I just see another compliance-industrial tax on consumers backed up by a nonsense checklist.
> act which mandated deletion in all cases for data once business needs are addressed (often 30--90 days for much data), might address your question
Or opt out by default.
Perhaps California should give counties the power to do that. Then we can watch the experiment for unintended consequences.
I’ll bet most of it depends on how good the certification is. My bosses think it’s annoying, and sure not 100% of the requirements make a difference for us, but most do, and from my vantage point, I can see how much of a difference it makes.
Though I wonder what the second order effects of this might be. Imagine a service that vets tenants for landlords. If I've had all my data deleted, might I start failing background checks because the sketchy data brokers have no records of me? I fear a future where the complete absence of my data leads to bad side effects.
cough un-ecrypted experian backups getting stolen from a UPS truck at gun-point and nothing else stolen cough
Also you can't delete your own credit history data unless it's proved inaccurate. Though you can't delete freeze it.
Unfortunately following the link results in an infinite redirect.
1. Getting a list of everyone that bought my records from data brokers 2. Reverse record linking to know who joined me, when, where, and how
Just deleting myself from 500 of these databases is a good start that’s decades over due.
Time to flip the scripts.
Texas is already doing this to track women seeking out-of-state healthcare. Whatever "side" you're on (for that argument): THIS. IS. WRONG.
In addition to ditching your cell phone, consider ditching Texas, too (as a Native™, I did so almost a decade ago). Still toying with the idea of expatriation, but honestly I feel too old for that, now =P
----
We seem to have a lot in common, fellow retired Xeon user. My PO Box is in my profile.
If you are a Texas resident, you also have a right to request data deletion (or correction) from brokers or other sellers of data, and permanently opt out of personal data profiling for a wide swath of industries including insurance and finance purposes.
Texas is one of the best states for privacy laws, even though we can obviously do better. I'd still like to see a general prohibition on things like flock and more restrictions on ALPRs, but much better than most states.
$ curl -i -A - 'https://consumer.drop.privacy.ca.gov/maintenance.html'
HTTP/2 307
content-type: text/html
location: https://consumer.drop.privacy.ca.gov/coming-soon.html
date: Thu, 01 Jan 2026 02:22:37 GMT
[…]
$ curl -i -A - 'https://consumer.drop.privacy.ca.gov/coming-soon.html'
HTTP/2 307
content-type: text/html
location: https://consumer.drop.privacy.ca.gov/maintenance.html
date: Thu, 01 Jan 2026 02:22:46 GMT
[…]Does DROP let you censor search records?
I’d encourage anyone in Europe to compare California’s CCPA to the EU’s GDPR. It was inspired by the latter, and fixes a lot of its problem. (The Swiss referendum system was based on learning from and improving on California’s.)
California represents 12% of USA population, 14% of US GDP. Effectively that means CA can throw its weight around and companies are forced to at least pretend to comply. Whether they actually comply depends on enforcement.
Now if Delaware were to adopt such a law for every company “headquartered” there …
A "right to rewrite history" that will distort reality for historians in the future.
How did HN become effectively pro-DRM?
The Delete Act has more teeth. Independent compliance audits begin in 2028 with penalties of $200 per day for failing to register or for each consumer deletion request that is not honored. GDPR spurred organizations to compliance, partly because of the steep penalty (up to €20 million or 4% of revenue, whichever is higher), maybe The Delete Act (and its much smaller penalty) will also spark organizations to comply.
The page refers to 500 data brokers, but I’d like to find the complete list they use.
There is a reason the FTC and DOJ force this companies to break up, except they have hordes of lawyers and the law will always be catching up to reality so it doesn't do much in this day and age.
That doesn't match the definition of data broker. It's also a huge stretch, as many companies have subsidiaries and different divisions that are separate legal structures.
If you want to be both obtuse and pedantic about it, the answer is yes to all three.
I hope this is good and turns global. We need this, because consent banners do not work.
The CCPA is far better than the GDPR. For one, they actually managed to make an effective privacy law that didn't have the knock-on effect of polluting the entire internet with pointless cookie banners. The EU is already making moves to scrap huge parts of their misguided privacy regulations and adopt rules more like what California did with the CCPA.
California lawmakers "adopted the GDPR" only insofar as they studied it to learn what not to do.
1st Amendment: Congress shall make No Law
14th Amendment: Due process... incorporate the Bill of Rights against the states
I often wondered whether the next case after MacDonald vs Chicago and Heller would do the same for the 2nd amendment, i.e. wipe away the ability of cities to require gun licensing and registration.
And yet, Gemini does not seem to let me delete queries. This is unusual for Google who provides ways to delete pretty much all data on selective basis. Maybe I just can't find the option. Or maybe this option only exists if I'm in the EU
This does feel like an area where there could be useful bipartisan agreement if packaged properly.