The new bill reinforces that all data brokers must register with the California privacy protection agency, and it requires the CPPA to establish an easy and free way for Californians to request that all data brokers in the state delete their data through a single page, regardless of how they acquired that information. If data brokers don’t comply with these rules, the bill stipulates they be fined or otherwise penalized.
Hopefully this becomes the standard nation wide. Having a single page where you can delete your accounts on multiple services with a single click sounds like a data privacy dream.
Can I take a trip to California and do this or is there some way your residence is determined? I’m about to go to sleep so I don’t want to read the article!
I work in an adjacent industry. Establishing “is this person actually a resident of X” is really hard. It’s much easier to just allow everyone to submit CPPA/CPRA requests.
So that’s what everybody does.
Just because it’s only required in CA doesn’t mean you won’t be able to make use of it!
Edit: At the start of 2023 the CPRA already established that CA residents (which really became anybody) can request their data be deleted. It looks like this new bill just mandates a central location to transmit those requests out to everybody from.
There are already services that do this (The article mentions Delete Me) for a fee. This is going to eat their lunch, but is going to be a major win for privacy!
You don’t even need to go there. You can just claim to be a resident and most companies won’t actually bother to check. This is why when the EU passed GDPR, most companies just gave all users GDPR rights.
I worked on a CCPA project in a non CCPA state for a big media company. Company’s lawyers just wanted to make it so if anyone applied we complied, its cheaper in terms of labor to build it out and comply.
VPNs