1. What happens August 1, 2026 — and why it matters
On August 1, 2026, the California Privacy Protection Agency (CPPA) activates the DELETE Request and Opt-Out (DROP) platform — a government-operated portal that lets any California resident submit a single deletion request that reaches all 545+ registered data brokers simultaneously.
Before this date, removing your personal information from data brokers required submitting individual opt-out requests to each company. Some had web forms. Some required a notarized letter. Some required you to submit a photo ID. Many ignored requests entirely. The average time to opt out of 100 brokers: 16+ hours of manual work.
August 1 changes that calculus. A single DROP submission triggers a legally binding 45-day deletion obligation for every registered broker. Non-compliance isn't just rude — it's $200 per request per day in CPPA fines.
The window between now and August 1 matters too. If you use an automated service like Fadeaway to start removing your data today, you'll have cleared many of the unregistered brokers by the time DROP goes live — then DROP handles the California-registered layer. That's a two-pronged attack on your digital footprint.
Not a California resident? The DELETE Act's DROP portal is California-only. But the law still exerts pressure — many brokers are now processing deletion requests broadly to avoid compliance complexity. And Fadeaway's automated removal covers all 4,000+ global brokers regardless of where you live.
2. What the California DELETE Act actually requires
SB 362 was signed by Governor Newsom in October 2023. It amends AB 1202 (which required data brokers to register with the state) and adds enforcement teeth. Here's what the law actually says:
Who it covers
Any business that "knowingly collects and sells to third parties" the personal information of California residents, and derives at least 50% of annual revenue from that sale, or maintains data on 100,000+ consumers. As of early 2026, 545+ brokers are registered with the CPPA — though enforcement estimates suggest hundreds more may be operating unregistered.
What "personal information" means
Under SB 362, this includes: name, address, phone number, email, Social Security Number, physical description, IP address, geolocation data, financial information, biometric data, employment history, education information, and inferences drawn from any of the above. In other words: nearly everything these companies have on you.
The suppression requirement (the most important part)
This is what makes SB 362 different from previous opt-out regimes. Brokers can't just delete your current file and then re-add it when they scrape new data. They're required to maintain a suppression record — a permanent flag that prevents your information from being re-added, even if new public records emerge or they receive your data from another source.
In practice, suppression compliance is the hardest part to enforce. But the legal obligation exists, and the fine structure gives the CPPA real leverage.
The 45-day response window
From the moment a broker checks the DROP platform (required at least every 45 days), they have 45 days to complete deletion. So worst-case scenario: you submit on Day 1, a broker doesn't check until Day 45, then they have another 45 days to process. That's up to 90 days total. Best case: same-day check, deletion in 2 weeks.
3. What data brokers must do — and what they won't
The legal obligations are clear. Reality is messier. Here's what the law requires vs. what you should expect:
| Obligation | What the law says | Realistic compliance |
|---|---|---|
| Check DROP | At least every 45 days | High — automated, easy to build |
| Delete all personal info | Within 45 days of receiving request | Medium — varies by broker infrastructure |
| Notify service providers | Direct all downstream processors to delete | Medium — hard to audit |
| Maintain suppression record | Permanently suppress re-addition of your data | Low — no audit mechanism yet |
| Confirm to CPPA | Upon request, confirm deletion | High — direct regulatory pressure |
The honest picture: deletion compliance will be high. Suppression compliance — the thing that prevents your data from coming back — will be patchy at best in the first year of enforcement. The CPPA simply doesn't have the staffing to audit 545 brokers' suppression lists.
What this means for you: plan to resubmit DROP requests every 45 days (as recommended), and use ongoing monitoring to catch re-appearances in the uncovered broker universe.
4. Why DROP alone won't make you disappear
Here's the math problem with relying only on the DROP portal to disappear from the internet:
Coverage gap: 545 of 4,000+
DROP covers California-registered brokers. There are an estimated 4,000+ data brokers operating globally. The 3,500+ outside California's registry have no legal obligation to respond to DROP requests. That's 87.5% of the data broker universe the DELETE Act doesn't touch.
Some of the most privacy-invasive operators — Whitepages, BeenVerified, TruthFinder, Spokeo, Instant Checkmate — do participate in DROP. But hundreds of smaller and international brokers don't, and they're often the ones selling the most sensitive data.
Social media isn't covered
Facebook, Instagram, X (Twitter), LinkedIn, TikTok — none of these are covered by SB 362. If your public profile exists on these platforms, DROP won't touch it. Neither will any data broker removal service. You have to handle social platforms manually through each platform's privacy settings.
Public records are the source, not the symptom
Data brokers don't create your information — they aggregate it from public records: voter registrations, property filings, court records, business licenses, and more. These underlying records aren't touched by the DELETE Act. Brokers delete their current copy, but re-scrape from public records sources every 30–90 days. Without a suppression record holding, your data returns.
The re-scraping cycle
This is why every privacy researcher agrees: removal is a maintenance program, not a one-time event. After a successful opt-out campaign, data typically reappears on major brokers within 3–6 months. By month 12, most people are back near baseline exposure. The only defense against this cycle is automated, continuous monitoring and re-removal.
5. Step-by-step: how to use Fadeaway to disappear before August 1
Here's a concrete action plan combining Fadeaway's automated removal with the DROP portal launch. The goal: have most of your exposure removed before August 1, then use DROP to sweep the California-registered layer on day one.
Run your free privacy scan
Go to getfadeaway.com and enter your name. Fadeaway scans 600+ data broker sites and returns your privacy score plus a count of sites where your information appears. This is your baseline — and you need to know the scope before you can act on it. Takes about 60 seconds. No credit card required.
Enter your email to unlock the full report
After seeing your score, enter your email to get the detailed breakdown: which brokers have your data, what information they're exposing (address history, phone numbers, family members, criminal/court records), and a severity ranking. This also starts your removal tracking — Fadeaway logs every request so you can see what's been cleared.
Start automated removal
Fadeaway begins submitting opt-out requests to brokers immediately. For brokers with web forms, we automate submission. For brokers requiring email or legal requests, we send them on your behalf. For brokers subject to GDPR Article 17 or CCPA, we invoke those frameworks. The first wave of removals typically completes within 2–4 weeks.
Monitor your exposure dashboard
Your Fadeaway dashboard tracks every broker: pending request, confirmed deletion, or re-appeared (triggered for re-removal). You'll see your exposure score drop in real time as removals confirm. Most users see 60–80% reduction in active exposures within 30 days.
Submit your DROP request on August 1, 2026
When the CPPA's DROP portal goes live at cppa.ca.gov on August 1, submit your deletion request immediately. California residents can do this directly. Fadeaway will prompt you and help you through the process. This covers the 545+ registered California brokers with legal enforcement. Combine this with Fadeaway's ongoing removal of the 3,500+ unregistered brokers for comprehensive coverage.
Keep automated removal running
Don't cancel after the first cleanup. Brokers re-scrape constantly. Fadeaway runs re-removal cycles every 30–45 days per broker, catching re-appearances before they become entrenched. This is the only durable way to stay removed. Think of it as a $10/month subscription to not having your home address available to anyone with a browser.
See who has your information right now
Free scan. Takes 60 seconds. No credit card required.
Start your free scan →What to do about social media
Fadeaway handles data brokers. Social media platforms require separate action. Here's a quick checklist for the platforms most people overlook:
- Google Search: Use Google's "Results about you" tool at myaccount.google.com/data-and-privacy to request removal of personal contact info from search results.
- Facebook/Instagram: Audit your privacy settings — particularly "Posts you're tagged in" and "Profile visibility to non-friends." Consider making your profile private or limiting to friends-only.
- LinkedIn: Under Settings → Visibility, turn off profile visibility to non-connections and disable public profile indexing if privacy is a priority.
- X (Twitter): Protected tweets limit discoverability. Consider whether your X presence serves you or works against your privacy goals.
- Old accounts: Search for your name + old email addresses on Google. Close or delete accounts on platforms you no longer use — dormant accounts are an underestimated exposure vector.
6. FAQ about the DELETE Act
What is the California DELETE Act enforcement date?
August 1, 2026. That's when the CPPA's DROP (Delete Request and Opt-Out) platform goes live and enforcement obligations kick in. Data brokers who fail to process deletion requests within 45 days face $200-per-request, per-day fines from the California Privacy Protection Agency.
Do I need to be a California resident to use DROP?
Yes — the DROP portal is limited to California residents. However, if you live outside California, the law still creates market pressure: many brokers are now processing deletion requests broadly to simplify their compliance operations. Additionally, Fadeaway's automated removal works for anyone regardless of location, covering all 4,000+ global data brokers.
Is submitting a DROP request a one-time thing?
No. The CPPA recommends resubmitting every 45 days, because new brokers register continuously and suppression records aren't guaranteed to hold when a broker's data is re-scraped from public sources. Think of DROP as a recurring task, not a single action.
What happens if data brokers don't comply with the DELETE Act?
The CPPA can impose fines of $200 per deletion request per day of non-compliance. For a broker ignoring 1,000 simultaneous requests, that's $200,000/day in potential liability. The fine structure is significant enough that most registered brokers are expected to build automated DROP compliance pipelines before August 1.
Will the DELETE Act make data brokers delete everything they have on me?
It will make them delete what they currently hold and suppress future re-additions — for the 545 registered California brokers. It does not affect the 3,500+ unregistered brokers, social media platforms, government records, or any data held by companies operating outside California's jurisdiction.
How is Fadeaway different from just using DROP myself?
DROP handles 545 California-registered brokers, requires you to resubmit every 45 days, and only becomes available August 1. Fadeaway covers 600+ brokers now (including non-California operators), automates re-removal every 30–45 days, handles legal framework requests (GDPR, CCPA) for eligible users, and monitors for re-appearances continuously. DROP and Fadeaway are complementary — DROP adds legal enforcement to the California layer, Fadeaway handles the rest.
I've already opted out of some brokers. Do I need to do it again?
Almost certainly yes. Broker opt-outs typically expire or are overridden when brokers re-scrape from public sources. If your last opt-out campaign was more than 6 months ago, most of your data has likely reappeared. Run a free scan at getfadeaway.com to see your current exposure — the results are usually surprising.
Related guides
- The California DELETE Act (SB 362): What It Means for Your Digital Footprint — a deep dive into what the law requires and what it doesn't.
- How to Disappear from the Internet in 2026 — the complete playbook: DIY opt-outs, legal tools, and why automation is the only durable solution.