Introduction
In a monumental move, the California State Legislature has passed Senate Bill 362, aptly dubbed the “DELETE Act.” This groundbreaking legislation is poised to transform the data privacy landscape in California by providing consumers with a powerful tool to regain control over their personal information. As the California DELETE Act awaits the consideration of California Governor Gavin Newsom, let’s delve into the intricacies and implications of this significant development.
Understanding the DELETE Act:
The DELETE Act, officially known as Senate Bill 362, is designed to empower Californians in their quest for data privacy. At its core, this legislation aims to give consumers the ability to demand the deletion of their personal information from every “data broker” with a single verifiable request. But what precisely does this mean, and how does it impact the data privacy landscape in California?
Defining the “Data Broker”:
Under the DELETE Act, a “data broker” is defined as a business that knowingly collects and sells the personal information of a consumer with whom it does not have a direct relationship. While the definition of a data broker is comprehensive, it’s essential to note that certain entities are excluded:
- Federal Fair Credit Reporting Act Coverage: Entities covered by the federal Fair Credit Reporting Act are exempt from the DELETE Act’s provisions.
- Gramm-Leach-Bliley Act Coverage: Entities covered by the Gramm-Leach-Bliley Act and its implementing regulations fall outside the DELETE Act’s scope.
- Insurance Information and Privacy Protection Act Coverage: Entities covered by the Insurance Information and Privacy Protection Act, as outlined in the Insurance Code, are also not subject to the DELETE Act.
Building on the Foundations of CCPA and CPRA:
The DELETE Act builds upon the existing data privacy framework in California, which includes the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act of 2020 (CPRA). These regulations have already granted consumers the right to request the deletion of their personal information held by businesses. However, the DELETE Act takes this a step further by focusing specifically on data brokers.
The Role of the California Privacy Protection Agency (CPPA):
Under the DELETE Act, the California Privacy Protection Agency (CPPA), established by the CPRA, is tasked with creating a streamlined mechanism for consumers to request the deletion of their personal information from data brokers. This mechanism, referred to as a “single verifiable consumer request,” is expected to be operational by January 2026.
Senator Josh Becker’s Vision:
California State Senator Josh Becker, the driving force behind the DELETE Act, emphasizes the urgency of protecting consumers’ sensitive information. He highlights the concerning practice of data brokers profiting from personal data, including data related to reproductive healthcare, geolocation, and purchasing behavior. The DELETE Act is poised to put an end to these practices and restore control over personal information to the hands of consumers.
In conclusion, the DELETE Act represents a pivotal moment in the ongoing evolution of data privacy legislation in California. By empowering consumers with the ability to easily delete their data from data brokers, the Act reaffirms the state’s commitment to protecting individual privacy rights. As it awaits Governor Gavin Newsom’s consideration, the DELETE Act sends a strong message: California is at the forefront of the battle to safeguard personal data in the digital age.