Blog
picture

🖋️ Governor of California signs the Delete Act creating a one-stop-shop opt out mechanism and greater accountability for data brokers 📜

Senate Bill 362, commonly referred to as the California Delete Act, has been signed by Governor Newsom. The Delete Act adds to California’s existing privacy laws, including the California Consumer Privacy Act (#CCPA) and the California Privacy Rights Act (#CPRA). The Delete Act has significant implications for data brokers (companies that collect, use and sell consumer personal data) including enhanced registration requirements and greater transparency and audit provisions. It also moves oversight of the law to the recently created California Privacy Protection Agency (CPPA).

The Delete Act creates:

🔄 One-stop-shop deletion requests: where previously consumers were required to submit a deletion request to each relevant data broker, the CPPA is tasked with establishing a mechanism by 1 Jan 2026 to allow residents of California to submit a single deletion request to all covered brokers. From 1 Aug 2026 brokers will have 45 days to action such requests and direct their service providers to do the same.

📋 Enhanced registration requirements: data brokers will now have to register with the CPPA (previous registration was with the California AG) and will be required to provide significantly more information to the CPPA than previously required, including the type of data collected, whether they collect data from minors, precise geolocation information, and/or reproductive health data.

🕵️‍♂️ Greater transparency obligations: data brokers must also provide consumers with information on how to exercise their privacy rights, including deletion requests and how to opt out of sharing or sale of their data.

📊 Additional audit capabilities: data brokers are obliged to report annually on the volume of deletion requests received, complied with, or rejected (with their reasons for not complying).

💸 Higher penalties: data brokers that fail to register with the CPPA or fail to act on a deletion request may be liable for a fine of $200 for each day of such failure - double the current fine.

While the law in California is still operating an “opt out” model, the Delete Act creates significant changes for those businesses caught by it, as well as a challenge for the CPPA in devising a central mechanism to handle one-stop-shop deletion requests by the start of 2026.

Check out the latest posts:

picture

📜 White House issues Executive Order setting new standards for AI regulation 🌐

President Biden has taken a stride in ensuring that America takes the forefront in harnessing the potential of artificial intelligence (AI) while also addressing its challenges.

picture

Update on EU's AI Act: EU policymakers Have Proposed Stricter Regulations for High-Risk AI Systems

EU policymakers are planning to have changes to the AI Act, aimed at regulating Artificial Intelligence in a risk-based approach. The core of this legislation is to ensure the safety and protection of fundamental rights when it comes to high-risk AI systems.

In the original proposal, certain AI solutions were automatically categorized as high-risk, but recent discussions introduced exemption conditions to allow AI developers to avoid this classification. However, the European Parliament’s legal office expressed concerns that this approach might lead to legal uncertainty and not align with the AI Act’s objectives.

picture

🔍 Face search company Clearview AI overturns UK privacy fine

Clearview AI, a company specializing in facial recognition technology, has successfully overturned a £7.5 million privacy fine imposed by the UK’s Information Commissioner’s Office (#ICO). The company’s innovative technology empowers clients to search a vast database of images collected from the internet for matches to specific faces, providing valuable links to where these matching images appear online.