California’s DROP System: How to Delete Your Data from Every Broker at Once

On January 1, 2026, California launched something no other state has: a single portal where residents can submit one deletion request that applies to every registered data broker in the state.

It’s called the DELETE Act Registration and Opt-Out Platform — DROP — and it’s the most powerful consumer privacy tool in the country.

Here’s what it does, how to use it, and why it still isn’t enough on its own.

What Is the DROP System?

DROP is a portal run by the California Privacy Protection Agency (CalPrivacy). When a California resident submits a deletion request through DROP, every data broker registered with the state is required to process that request within 45 days.

That’s significant. Before DROP, if you wanted your data removed from brokers, you had to visit each one individually, find their opt-out page, fill out their specific form, and hope they honored it. With 500+ known data brokers operating in the U.S., that process could take dozens of hours.

DROP collapses that into one submission.

How DROP Works

1. Visit the DROP portal through CalPrivacy’s website
2. Verify your California residency
3. Submit your deletion request
4. Brokers have 45 days to process it
5. Noncompliant brokers face penalties of $200 per violation

CalPrivacy has been clear that registration as a data broker doesn’t exempt companies from the deletion requirement. If you’re a registered broker and you don’t honor DROP requests, you’re liable.

What California Got Right

One request covers all brokers. No more hunting down individual opt-out pages. No more submitting 21 separate forms across 21 different websites with 21 different verification processes.

Mandatory compliance. This isn’t voluntary. Data brokers operating in California are legally required to honor DROP requests. The $200 per-violation penalty means noncompliance scales quickly.

Expanded broker registration. California expanded its data broker registration law through SB 361, requiring brokers to disclose significantly more about the data they collect — including whether it’s sold to foreign actors, government agencies, or AI developers.

Enforcement muscle. CalPrivacy entered into the largest CCPA settlement to date in July 2025 — $1.55 million against an online health information publisher. The agency isn’t just writing rules. It’s enforcing them.

What DROP Doesn’t Cover

Only California residents qualify. If you live in any of the other 49 states, DROP doesn’t apply to you. You’re still submitting individual opt-outs one at a time.

Only registered brokers are covered. Some data brokers haven’t registered with the state. CalPrivacy issued an advisory noting that brokers may not be disclosing all of their trade names or websites. Unregistered brokers face penalties, but that doesn’t help if your data is in an unregistered database right now.

It doesn’t cover facial recognition databases. DROP handles data brokers — companies that collect and sell personal information like your name, address, and phone number. It does not cover facial recognition companies like Clearview AI, PimEyes, or FaceCheck.ID, which index your face separately.

Removal isn’t permanent. Even after a successful DROP deletion, brokers can re-acquire your information from public records, social media, and other sources. Your data can reappear within weeks.

It doesn’t cover vehicle surveillance. License plate reader networks, connected car data collection, and DMV records are all outside DROP’s scope.

What California Residents Should Do

If you’re a California resident, DROP is your starting point — not your finish line.

Step 1: Submit a DROP request. Use the portal. It’s free and covers every registered broker. This is the most efficient privacy action available to any American consumer right now.

Step 2: Run a facial recognition audit. DROP doesn’t touch your face. Search yourself on PimEyes, FaceCheck.ID, Google Lens, Yandex, and TinEye. California residents are eligible to opt out of Clearview AI.

Step 3: Check your vehicle exposure. Use DeFlock.me to see how many license plate readers are in your area. Check plate lookup sites. Opt out where possible.

Step 4: Harden your social media. Review privacy settings on every platform. Disable ad tracking on your phone. Disconnect linked accounts. Strip EXIF metadata from photos.

Step 5: Monitor for re-listing. Your data will come back. Submit new DROP requests periodically, or set up ongoing monitoring.

What If You’re Not in California?

Nineteen other states now have comprehensive privacy laws with varying deletion rights. Check whether your state is one of them.

You can still opt out of individual brokers manually. Start with the biggest: Spokeo, BeenVerified, WhitePages, Radaris. You can opt out of Clearview AI if you’re in California, Colorado, Connecticut, Illinois, Utah, or Virginia. PimEyes opt-outs are available to anyone. DeFlock.me and plate lookup site opt-outs work regardless of state.

The Bottom Line

California’s DROP system is a genuine breakthrough — the first time any state has created a single mechanism to delete your data from every commercial broker at once. If you’re a California resident, use it.

But DROP covers one category of exposure. Your face, your vehicle, your social media, your dating apps, and your phone’s location data are all outside its scope. Real privacy requires addressing all of these vectors.