California Just Made Deleting Your Data From 665+ Data Brokers a One-Click Process — Here's What You Need to Know
June 11, 2026
If you've ever tried to remove your personal information from the internet, you know the pain: one opt-out form per data broker, each demanding different verification steps, some requiring you to mail a physical letter, others ignoring your request entirely. Multiply that across hundreds of data brokers, and it's a full-time job.
That's changing — fast.
In a whirlwind 30-day stretch that privacy advocates are calling the most aggressive regulatory period in US data broker history, three major developments have reshaped the landscape:
- California's one-click data deletion portal went live — allowing residents to delete their data from 665+ registered data brokers with a single request.
- A bipartisan federal Data Broker Accountability Act was introduced — proposing a nationwide opt-out portal, registration mandates, and private right of action.
- The FTC finalized a rule banning the sale of sensitive location data — with penalties of up to $50,000 per violation.
Here's what each of these changes means for your personal data — and what they don't do.
California's Delete Act: One Portal, 665+ Data Brokers, One Click
The California Delete Act (SB 362), signed into law in October 2023, was already the most ambitious state-level data broker legislation in the country. But its centerpiece — a centralized deletion portal — only became operational this year.
How it works
The California Privacy Protection Agency (CPPA) launched a web portal where California residents can submit a single verified deletion request. The CPPA then forwards that request to every data broker registered in the state. As of June 2026, 665 data brokers are on the registry — up from roughly 500 at the start of 2025.
During the pilot period from January to March 2026, the portal processed approximately 12,000 deletion requests with an average compliance rate of 78%. That means roughly 8 in 10 deletion requests were honored by registered brokers within the mandated 45-day window.
What changed in June (SB 1125)
On June 10, 2026, Governor Newsom signed SB 1125, which closed a significant loophole. The original Delete Act only covered direct identifiers — your name, address, phone number, email. Data brokers argued that "inferences" about you — your likely income bracket, shopping preferences, health interests, political leanings — were not covered.
SB 1125 explicitly extends the deletion requirement to inferences and derived data. If a data broker has a profile that says "likely to vote Democrat," "interested in weight loss products," or "high credit risk," that profile must now be deleted alongside your contact information.
Why this matters: The data broker industry generates $32.5 billion in annual revenue — and the most valuable products they sell are not your name and address, but the predictions and profiles built from them. This expansion targets the core of the business model.
The Data Broker Accountability Act: A Federal Framework
On June 9, 2026, Senators Maria Cantwell (D-WA) and Roger Wicker (R-MS) — the chair and ranking member of the Senate Commerce Committee — introduced the Data Broker Accountability Act (S. 1234). With co-sponsors including Amy Klobuchar, Jerry Moran, Richard Blumenthal, and Marsha Blackburn, this is one of the most bipartisan privacy bills in recent memory.
What the bill would do
| Requirement | Details |
|---|---|
| Registration | All data brokers with >$5M revenue or handling data of >50K individuals must register with the FTC |
| Annual audits | Independent third-party audits of data collection, use, and sharing practices |
| National opt-out portal | An FTC-run "Do Not Sell" portal — one request, one place, nationwide |
| Mandatory deletion | Brokers must delete your data within 30 days of a verified request |
| Penalties | Up to $5,000 per violation per consumer per day; $10,000 for sensitive data |
| Private right of action | You can sue violators for $1,000–$5,000 in statutory damages |
Where it stands
The bill has been referred to the Senate Commerce Committee, with a hearing scheduled for July 15, 2026. It's too early to predict passage, but the bipartisan sponsorship — and the 87% public support for federal privacy legislation, per a recent Pew poll — gives it real momentum.
How it compares to California's model
California's Delete Act is more aggressive on some fronts (it doesn't exempt smaller brokers and requires deletion of inferences), while the federal bill would create a uniform national standard — a critical issue for businesses that currently have to navigate a patchwork of state laws.
Our take at CyberForget: A federal registry with a national opt-out portal would be transformative. Currently, no comprehensive federal list of data brokers exists. We rely on crowd-sourced research and public records to track the 4,000–5,500 data brokers operating globally. A mandatory federal registry would pull the industry out of the shadows.
FTC Sensitive Location Data Rule: The First Federal Data Broker Ban
On May 12, 2026, the FTC finalized a rule that goes further than any previous federal action against data brokers: a complete ban on selling or transferring sensitive location data.
What's covered
The rule prohibits data brokers from selling or transferring location data within 500 meters of:
- Hospitals and healthcare facilities
- Reproductive health clinics
- Places of worship
- Domestic violence shelters
- Addiction treatment centers
- Schools and daycare centers
- Military bases
- Prisons and correctional facilities
Penalties
Violations carry fines up to $50,000 per consumer device per day, with potential treble damages for willful violations. The FTC has stated it will begin vigorous enforcement on September 12, 2026.
This rule stems directly from the 2022 Supreme Court decision in Dobbs v. Jackson Women's Health Organization, after which reports emerged of data brokers selling location data that could be used to identify visitors to reproductive health clinics. The FTC received over 12,000 public comments on the proposed rule before finalizing it.
What it doesn't cover
The rule only covers location data. It doesn't address the broader data broker industry — purchases of health data, financial profiles, browsing history, social media data, or the thousands of other data points that brokers collect, package, and sell.
The State-by-State Patchwork
While California and the federal government grab headlines, a growing number of states have enacted their own data broker laws:
| State | Law | Effective | Key Feature |
|---|---|---|---|
| Vermont | Data Broker Registration Act | 2018 | First state registry; ~150 brokers |
| California | Delete Act + SB 1125 | 2024 / 2026 | One-click deletion; most comprehensive |
| Texas | TX Data Privacy & Security Act | July 2025 | Registration + opt-out; ~200 brokers |
| Oregon | OR Consumer Privacy Act | July 2024 | Registration + opt-out; ~110 brokers |
| Colorado | Colorado Privacy Act | July 2023 | Registration + opt-out; ~90 brokers |
| Connecticut | CT Data Privacy Act | July 2023 | Registration + opt-out; ~70 brokers |
| Washington | My Health My Data Act | 2023 / 2025 | Health-specific broker regulation |
Bills are pending in New York, Arizona, Florida, Illinois, Maryland, Massachusetts, Michigan, New Jersey, North Carolina, Ohio, and Pennsylvania.
The $32.5 Billion Reality Check
For all this regulatory activity, it's important to understand the scale of what we're up against:
- $32.5 billion — The data broker industry's annual revenue in 2025 (IBISWorld), projected to reach $38.2 billion by 2027.
- 4,000–5,500 — Estimated number of data brokers operating globally (FTC).
- 150–200 — Number of data brokers estimated to hold data on the average US adult (Consumer Reports).
- 12% — Percentage of Americans who know what a data broker is (Pew Research).
- 89% — Percentage of Americans who have been affected by a data broker breach or data misuse (Identity Theft Resource Center).
The industry is vast, opaque, and growing faster than regulation can keep up.
What California's Delete Act Portal Doesn't Solve
The Delete Act portal is a genuine win for privacy. But it has real limitations:
California residents only. If you don't live in California, the portal doesn't apply to you — even if California-based data brokers hold your data.
665 brokers registered ≠ 665 brokers deleted. Only 78% of deletion requests were honored during the pilot. And the law only covers brokers registered in California — many smaller or foreign data brokers are not registered.
One-time deletion. Removing your data once doesn't prevent brokers from re-collecting it from public records, other data brokers, or data aggregators. Continuous monitoring is essential.
It doesn't guarantee removal from people-search sites. While many people-search sites like Spokeo, Whitepages, and PeopleFinder qualify as data brokers under California law, the portal only requests deletion — it doesn't verify compliance. Many sites silently re-list data after the 45-day window.
How to Protect Yourself: A Practical Guide
Whether you live in California or not, here's what you should be doing to remove your personal information from the internet:
Step 1: Use California's portal (if you're a resident)
Visit the CPPA data broker portal and submit your deletion request. It takes about 10 minutes with a valid ID.
Step 2: Opt out of the biggest people-search sites
Even with a deletion portal, the biggest data aggregators need direct opt-outs. Start with these:
- Spokeo — Opt out at spokeo.com/optout
- Whitepages — Submit a removal request
- PeopleFinder — Manual opt-out form
- MyLife — Requires email verification
- Intelius — Opt-out via their privacy page
- BeenVerified — Email-based removal
- Radaris — Request via their opt-out tool
- PeekYou — Manual identity verification
Step 3: Monitor for re-appearance
Data re-appears — it's not a one-and-done process. You need quarterly re-checks. This is the single most underestimated part of data removal.
Step 4: Consider a professional removal service
Manual opt-out from hundreds of data brokers takes dozens of hours per year. Services like CyberForget automate the process — handling opt-out requests, monitoring for re-appearance, and re-submitting deletion requests on a recurring basis.
We currently cover 400+ data broker and people-search sites, with new sites added as we discover them. Our system verifies each removal and alerts you if your data re-appears.
Step 5: Lock down new data collection
- Use a privacy-focused browser (Brave, Firefox with containers)
- Install tracker blockers (uBlock Origin, Privacy Badger)
- Use a VPN to mask your IP and location
- Opt out of data sharing in every service you use — most apps bury this in settings
- Use temporary email addresses for one-time signups
The Bottom Line
June 2026 is a watershed moment for data privacy regulation in the United States. California's one-click deletion portal, the proposed Data Broker Accountability Act, and the FTC's location data rule represent the most aggressive regulatory push against the data broker industry in history.
But regulation alone won't solve the problem. The data broker industry is too large, too opaque, and too profitable. Even a perfect federal law — which we don't have yet — would take years to fully implement. And data brokers have proven remarkably adept at finding loopholes, fighting compliance, and continuing to collect and sell data.
The most effective approach combines three things:
- Regulatory pressure — support laws like the Delete Act and the Data Broker Accountability Act
- Personal action — opt out of data broker sites and monitor for re-appearance
- Automated services — use a professional removal service to handle the ongoing effort at scale
At CyberForget, we've spent years building the infrastructure to fight data brokers on your behalf — because you shouldn't have to spend your life opting out of data collection you never agreed to in the first place.
Frequently Asked Questions
Does the California Delete Act work for non-residents?
No. The CPPA portal only processes requests from California residents. If you live in another state, you'll need to opt out manually or use a service like CyberForget.
How long does it take for data to be deleted?
Data brokers have 45 days to comply under the Delete Act. The federal Data Broker Accountability Act proposes a 30-day timeline. In practice, many brokers delete within 7–14 days for automated portals.
Do I need to re-submit deletion requests?
Yes. Data brokers can re-collect your information from public records (property records, voter registration, business licenses) and data resellers. You should re-check every 3–6 months.
What's the difference between a data broker and a people-search site?
Legally, many people-search sites like Spokeo and Whitepages are data brokers — they collect and sell personal information. For practical purposes, the distinction doesn't matter: you want your data removed from both.
Will the federal Data Broker Accountability Act pass?
It's too early to say. The bipartisan sponsorship is encouraging, and public support for privacy legislation is at an all-time high (87%). But the bill has only just been introduced, and it faces a crowded Senate calendar and likely industry opposition.
Is CyberForget registered with California as a data broker?
CyberForget is a data broker removal service — we help consumers remove their data from data brokers. We do not collect, sell, or share personal data. We do not meet the definition of a data broker under California law.
Want to see which data brokers are currently holding your personal information? Start a free scan at CyberForget.com
Updated June 11, 2026. This article is for informational purposes and does not constitute legal advice. Laws and regulations may change; consult a qualified professional for advice specific to your situation.