On August 1, 2026, the data brokers who quietly hold your information have to start deleting it on request. Here is the dated record, taken before the date.
California's Delete Act built DROP, the Delete Request and Opt-out Platform: one request a Californian submits that reaches every registered data broker at once. DROP opened to consumers on January 1, 2026. The state's own page states the deadline plainly: starting August 1, 2026, data brokers must delete your data within 90 days of a request, and then re-check and delete matching data on an ongoing basis. Separately, every business that meets the data-broker definition must register with the California Privacy Protection Agency each year between January 1 and January 31, reporting on the prior year's data activities.
What the public record actually shows right now, dated:
Why we stamped this today. A registry that is rewritten every year is only auditable if someone kept the old copy. We logged the count and the deadline on July 12, 2026, so that after August 1 we can show who was on the list, who complied, and who did not, against a dated before-picture the crowd never kept.
The deletion machinery is real but not yet load-bearing. You can file through DROP now, but brokers are not obligated to act until August 1, 2026, and then they have up to 90 days. So a request filed today is a queued instruction, not an instant erasure.
If you are a California resident: submit one DROP request at privacy.ca.gov/drop, keep the confirmation, and check back after August 1, 2026, when the clock the law actually enforces begins to run. Filing early costs nothing and puts you in the first processing wave.
California DROP: privacy.ca.gov/drop · Data Broker Registry: cppa.ca.gov/data_broker_registry · Strike Force announcement (2025-11-19): cppa.ca.gov · Enforcement Advisory 2025-01 (2025-12-17): cppa.ca.gov · Advisory PDF: cppa.ca.gov/pdf/enfadvisory202501.pdf