Welcome! This is a community for all those who are interested in protecting their privacy.
PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!
Some of these are only vaguely related, but great communities.
Good job California! You’re making some positive moves!
Here's how it's gonna go:
Government of california: "delete this"
Company: no
Gov: okay well here's a fine for $200 million, don't do it again
Company: that's fine, we made $1.8 billion with the data, this is just the cost of doing business
repeats next year but with a sternly worded letter
Prove me wrong, California. Break companies out of existence when they break the law. Don't just slap them on the wrist with a fine.
Fine them $1 million per day per person who still has data on their site if they submitted the form.
Really, these types of services need to be opt-in instead of opt-out.
They need to not exist.
I appreciate your cynicism, but I'm not personally inclined towards it. I think what it will ultimately boil down to, which you alluded to, is how the law is enforced. If they get fined as a first measure but then get taken to court for a second failure by California's attorney general and get subsequently bankrupted, it might stand as an example to others.
Or maybe they'll still say the potential risk is still worth it. I dunno. We'll just have to see how this goes, but it's still better than the current options, which are:
None of those are great, so I'm hopeful this is the start of something better.
Earlier in the year I read an article claiming that something like 40% of the data brokers doing business here (ie collecting data on California citizens) don't comply with elements of existing law, such as registering with the CA secretary of state. So the author wasn't bullish on the idea that they'd suddenly start just because there's a new law. They are sayign the AG will aggressively pursue violators, but we'll see.
If nothing else, we'll have one more data store to get hacked.
FYI the terms say brokers don’t have to comply until August 2026, so it may take a while to see a difference
I believe it's 90 days after August 2026.
So functionally 2027
I imagine we'll see a spectrum of compliance:
There's also a likely side effect where even more of the data brokers outside of CA will just not register with the state, and just wait for an enforcement action against them and pretend they never knew about the compliance requirements. And some who are currently registered may just cease operations and reorganize into new entities that can do the same. Whether it yields any meaningful improvement for California residents really depends on how hard the AG goes after these companies. If it were tax rev, they'd go hard. But since it's not, it's really hard to say. My guess is token enforcement for electoral optics. But who knows.
Well, I put in a bunch of personal info and then it rejected two 2FA codes that it sent to my phone so I couldn't submit at the end. Sigh.
Anyone used it yet?
Each time you use DROP, you must use the same method to verify you're a California resident. Example: If you used Login.gov, then you must always use Login.gov.
Does it make a difference which verification you use? Can you "unsubscribe" multiple names/addresses? For example those with nicknames (William/Bill) or married names, and those who have moved around quite a lot?
"What about the other 1000+?"
"Well, it's a start."
Most of the "500+" will simply ignore their legal requirements and eat the fine.
But some won't.
So it's better than continuing to do nothing, it's at least vocally (legally) saying they aren't cool with it.
Damn it cuts the connection to the site when I switch to my email app to confirm. Here's to hoping I remember to do this tomorrow!
Did you do it?