What to Do for a Data Broker Deletion Request in 2026: California Delete Act Guide
California residents facing data brokers can take direct action under the Delete Act starting in 2026. The primary step involves submitting deletion requests through the mandatory accessible deletion mechanism, which data brokers must monitor at least every 45 days beginning August 1, 2026. This applies to personal information held by brokers, with limited exceptions.
For complaints or opt-outs, consumers should first use this mechanism to request deletion. Employers, particularly those sharing employee data, need to verify broker registration to ensure compliance and avoid penalties like the $200-per-day fine for non-registration. Registration occurs annually via the Delete Request and Opt-Out Platform (DROP) from January 1-31, 2026.
This guide outlines steps for submitting requests, checking compliance, and understanding broker duties, drawing from California Privacy Protection Agency rules. It equips consumers exercising data rights and employers confirming obligations.
Submit a Deletion Request via California's Accessible Mechanism
Data brokers in California must provide an accessible deletion mechanism under the Delete Act. Starting August 1, 2026, they are required to access this mechanism at least once every 45 days to process consumer deletion requests for personal information, subject to limited exceptions as outlined in Cal. Code § 1798.99.80(c).
Consumers can submit requests through this tool, which serves as the main pathway for data removal. Locate the broker's designated deletion portal, typically linked on their website or privacy policy. Provide necessary details like your name, contact information, and identifiers to match your data. Brokers must then process valid requests within the required timeframe.
This mechanism streamlines opt-outs without needing formal complaints in most cases. Track your submission and follow up if no response arrives within the processing period specified by law. For full details on implementation, refer to the California Privacy Protection Agency resources. By using this primary channel, California consumers in 2026 can directly enforce their deletion rights under the Delete Act, with brokers obligated to check the mechanism every 45 days starting August 1.
Verify Data Broker Registration and Compliance
Before submitting a deletion request, confirm the data broker's registration status with the California Privacy Protection Agency. Brokers must register annually through the DROP portal between January 1-31, 2026, and pay the required fee.
Check the CPPA's public registry for active status. Non-registration triggers enforcement, including a fine of $200 per day. Additionally, by July 1 following their first year as a data broker, they must update their website's privacy policy with collected information and a reporting link.
Review the broker's privacy policy for required disclosures under SB 361, which covers sensitive data types like sexual orientation, union membership, or citizenship status, as well as selling or sharing practices such as transfers to foreign actors, law enforcement, or generative AI developers. Visit the California Privacy Protection Agency for verification tools and lists.
If discrepancies appear, note them for your records but prioritize the deletion mechanism for action. This verification step ensures consumers engage with compliant brokers and helps employers avoid risks from non-compliant partners.
Data Brokers' 2026 Obligations That Affect Your Rights
The Delete Act imposes clear duties on data brokers starting in 2026. They must regularly access the deletion mechanism every 45 days from August 1 onward, ensuring timely processing of consumer requests.
Privacy policies play a key role: brokers need to include specific reporting by July 1 after qualifying as a data broker, with a dedicated link for transparency. SB 361 adds layers by mandating disclosures on sensitive data collection and sharing details, helping consumers assess risks before opting out.
These rules strengthen enforcement context for your rights. Brokers failing privacy policy updates or disclosures face scrutiny, indirectly supporting stronger deletion responses. All obligations tie back to CPPA oversight, as detailed on their data brokers page. Consumers benefit from these requirements by gaining clearer visibility into data practices, enabling informed deletion requests through the accessible mechanism.
For Consumers vs. Employers: Key Actions on Data Brokers
Consumers and employers face distinct priorities when dealing with data brokers under 2026 rules. Consumers focus on personal data removal, while employers verify broker compliance to mitigate risks from data sharing.
| Role | Key Actions | Timeline/Details |
|---|---|---|
| Consumers | Submit deletion request via accessible mechanism; check privacy policy disclosures | Every 45 days access starting Aug 1, 2026; use DROP for verification |
| Employers | Confirm broker registration on DROP; review privacy policies and SB 361 disclosures to avoid fines | Register Jan 1-31, 2026; $200/day fine for non-compliance |
Consumers start with the deletion tool for immediate impact. Employers, who may share employee data, prioritize registration checks to ensure partners meet CPPA standards, per pbw-law insights at pbw-law. This table highlights tailored paths based on pbw-law insights and CPPA guidelines.
FAQ
How do I submit a data deletion request to a California data broker in 2026?
Use the broker's accessible deletion mechanism, available starting August 1, 2026. Brokers monitor it every 45 days to process requests for personal data removal.
When must data brokers check the deletion mechanism under the Delete Act?
Beginning August 1, 2026, data brokers must access the mechanism at least once every 45 days and handle valid consumer deletion requests.
What happens if a data broker fails to register with CPPA?
Failure to register carries a $200-per-day fine.
Do data brokers have to disclose sensitive data collection in their privacy policies?
Yes, under SB 361, brokers must disclose collection of sensitive types like sexual orientation or union membership, plus selling/sharing practices.
What's the registration period for data brokers in 2026?
Data brokers must register via DROP between January 1-31, 2026.
How does this compare to complaint processes under GDPR?
Under GDPR, complaints go to national Data Protection Authorities, which can impose fines up to 20 million euros or 4% of global revenue.
Next, visit the California Privacy Protection Agency data brokers page to check specific brokers and submit your deletion request promptly under the 2026 rules.