If you’re a resident of California you can take control of your digital privacy. When you input some basic information about yourself into the DROP website (Delete Request and Opt-Out Platform), DROP automatically commands nearly 500 registered data brokers to permanently delete your files and stop selling your information. You’ll get less spam and you’ll attract less attention from scammers and identity thieves.

This is a good thing! Don’t listen to cynics who have doubts. They’re tiny, nasty people who see nuances around every corner.

Except, yeah, about that, I’m a cynic. This won’t be remotely as effective as you wish it would be.

But don’t let that stop you! If you live in California, go to the website and take advantage of it. It’s official, comes courtesy of the California Privacy Protection Agency, and smart people have worked on it for a long time. It’s an important step forward.

This article has the basics about the DROP platform - why it exists, what happens when you sign up. (You could just look at the website, its explanations are quite good, but where’s the fun in that?)

In the next article I’ll talk about some of the reasons this isn’t a cure-all because I’m a gloomy person who apparently can’t allow you to feel hope. I think you should know enough to be realistic. But again: the DROP platform is a good thing! Sign up for it!

Information about you is rushing along in a giant river of data, from one database to another in a nonstop dizzying torrent. Many companies and government agencies profit from having your information. Much of our economy is built on surveillance at a level of detail that is frankly pretty astonishing.

Six years ago I wrote an article about the data broker industry, a good introduction to the thousands of companies that traffic in your “age, race, gender, height, weight, marital status, religious affiliation, political affiliation, occupation, household income, net worth, home ownership status, investment habits, product preferences and health-related interests." 

Thanks to our phones, cameras, wearables, and the massive growth in surveillance and analysis tools (including AI), now these companies in the shadows know your transit routes and favorite destinations, driving behavior, browsing and social media history, social circles and coworkers, your sleeping habits, and whether you attended a protest or political rally. Algorithms can predict if you are pregnant, getting a divorce, or planning to quit your job months before you take any official action, based on subtle shifts in your search and navigation habits.

What do they do with the data?

Personal data is the primary currency of the internet advertising economy, of course, mostly through Google, Facebook/Meta, and Amazon, used to blast hyper-targeted ads at you. Each of the companies have extraordinary piles of data about you and they gather more every minute of every day. But they collect the data directly and store it themselves and do not sell personal profiles to other companies. (That’s a generalization but it works for the big picture.)

It’s called “first party data collection.” First-party businesses are exempt from DROP. Google, Facebook/Meta, and Amazon will continue to collect information about you regardless of whether you sign up with DROP.

Reality check: Facebook/Meta gathers information from tracking tools on literally millions of websites, regardless of whether you have a Facebook account or scroll Instagram. Meta is about to overtake Google as the world’s top digital ad platform.

DROP is aimed at “third party data collection” by the data brokers, companies you don’t have any relationship with. They sweep up your data from public records, purchase histories, online activity, location tracking, loyalty programs, and a host of other sources. Data brokers routinely scrape information from free health-tracking apps, mental health platforms, and search histories, which are not protected by traditional medical privacy laws. The California Privacy Protection Agency recently fined a data broker for buying and reselling lists of millions of people battling Alzheimer's disease, drug addiction, and bladder incontinence. 

They sell your data to everybody. 

Want some examples? Are you sure?

There’s a loophole that allows government agencies to purchase data from the brokers without a warrant, so the data broker industry is heavily relied on by federal law enforcement, immigration authorities, and the Department of Homeland Security. 

Insurance brokers buy data about your driving or lifestyle to adjust premiums. 

Banks buy data to evaluate you for a loan. Data brokers create secret, proprietary algorithms and send your scores to determine the interest rates you receive on mortgages and credit cards.

Landlords buy data about eviction history, criminal records, or even analysis of social media sentiment about a potential tenant. 

Pharmaceutical marketers buy data about people who search for specific symptoms or buy over-the-counter medications for targeted ads. 

Political campaigns combine your voting record with your consumers habits to bombard you with highly targeted political ads.

Brokers have sold data to China and Russia for use in espionage or AI training.

Scammers frequently purchase profiles from data brokers for text scams, cold calls, and identity theft. The bad guys can supercharge their scams because they have accurate details about your bank, employer, or the places you have recently visited.

And more, so much more. . .

California passed a landmark privacy law in 2018 and created a public registry of data brokers in 2019 but until now you could only approach each broker individually to demand deletion - obviously futile and onerous.

The DROP website is the product of a ballot measure, more laws, and a lot of work to help consumers reclaim some of their privacy.

The idea behind the DROP platform is simple: instead of forcing you to chase hundreds of obscure data brokers one by one, the state lets a California resident submit one request that goes to all registered data brokers at once. 

It sounds obvious but California is blazing a trail here. Only four states require data brokers to register. The European Union set up data deletion rights years ago but there has never been a central place to demand removal of personal data from data brokers. California’s public clearing house is an innovation.

It’s a bit paradoxical that you will begin the process of deleting your personal data by . . . supplying personal information. You’ll have to verify that you’re a California resident, then fill in personal details - name, date of birth, physical address, email addresses, and more.

The state system has been set up to keep those details private and secure, but some of it will be supplied to the data brokers so they can find you in their records. 

If the data broker finds a 100% match, your information is deleted and the broker can’t track you again forever and ever, plus or minus some nuances. If there’s no exact match, the status on all likely matches is supposed to change to “Opted-out,” where the data broker keeps your information but pinky-swears not to sell it.

The whole machine is only now getting started. The web portal is live; you can supply your information and request privacy. It’s a modest pain to verify you are a resident and some of the optional numbers - vehicle ID number, mobile advertising identifiers, connected TV IDs - will be challenging to track down. 

And then nothing will happen immediately. Brokers don’t have to comply until August 1, 2026. Over the next few years data brokers will begin to file reports about compliance and be subject to audits. There are various fines for noncompliance and much will be learned by the willingness of the state to pursue those penalties and whether they are sufficient to change the data brokers’ behavior.

You have nothing to lose, but there are some niggling questions about how much you stand to gain. We’ll talk about those next time.