Type your own name into a search engine and you quickly see hints of how much of your life lives online. The rest sits out of sight in the hands of data brokers that most people never see or speak to. Now a new state-run platform called the Delete Request and Opt out Platform, or DROP, promises to cut a big part of that data trail in a single move.
As of January 1, residents can sign up on the official DROP site, prove they live in the state, and add their details to a master deletion list that already covers more than 500 registered data brokers.
Starting August 1, 2026, those companies must pull that list and delete any matching personal information within 90 days, then keep scrubbing their records at least every 45 days.
State officials say uptake has been brisk. More than 150,000 people have already used DROP to start reclaiming control over how their information is bought and sold. For anyone tired of robocalls, suspicious texts, or targeted scams, the appeal is obvious.
How DROP works in everyday terms
Behind the scenes, DROP is operated by the California Privacy Protection Agency, known as CalPrivacy, in partnership with the state technology department.
Residents create an account, verify residency through a secure state identity gateway or Login.gov, then share basic details such as name, address, phone number, and email.
Optional fields let people include mobile ad IDs, smart TV identifiers, or even vehicle information to help brokers find more of their files.
From there, consumers do not have to chase dozens of opt-out forms. DROP compiles a deletion list that registered brokers are required to check on a regular schedule and use to purge non-exempt personal data, including many derived profiles and inferences that people never knowingly handed over.
Why data brokers are in the spotlight
Data brokers build detailed dossiers from purchase histories, web activity, location traces, and public records, typically without a direct relationship with the people they track. Past investigations found that some brokers even hid their opt-out pages from search engines, making legal rights nearly impossible to exercise in practice.
The Delete Act, also known as Senate Bill 362, shifted oversight of this industry to CalPrivacy and ordered the creation of an “accessible deletion mechanism,” which is the legal name for DROP. The same law set new transparency rules and required regular independent audits of broker practices.
What DROP can and cannot fix
For residents, DROP is free and permanent. Once someone is on the list, they do not need to repeat deletion requests with each company. But there are limits. The tool only reaches registered data brokers, not every website or app you use.
It does not erase public records or credit files, and it does not stop companies from collecting first party data when you interact with them directly.
Enforcement will matter. Non-compliant brokers face fines that can reach $200 per day for each incident, and a new data broker strike force inside CalPrivacy is tasked with hunting down companies that ignore the law.
Privacy experts say that for the most part the combination of routine audits, automated status reports from brokers, and consumer complaints should give regulators enough signals to spot bad actors.
At the end of the day, DROP does not magically erase the data economy. It does something more modest but very concrete. It finally gives ordinary people one place to say “enough” to hundreds of invisible companies at once.
The official statement was published by the Governor of California.
