The Delete Act
Key topics
California's "Delete Act" is sparking debate about its potential impact on data collection and privacy, with some commenters hailing it as a groundbreaking step forward, while others worry about its limitations and unintended consequences. The law's effectiveness is questioned by some, given that it only applies to companies doing business in California, prompting others to point out that companies unwilling to comply may simply opt out of the state's market. Comparisons to the EU's GDPR are being drawn, with some arguing that California's law goes further by creating infrastructure for large-scale data deletion, while others contend that the CCPA is actually more effective. As the discussion unfolds, concerns about the law's potential to distort historical records and its potential global implications are being raised.
Snapshot generated from the HN discussion
Discussion Activity
Very active discussionFirst comment
1m
Peak period
72
0-12h
Avg / period
17.8
Based on 89 loaded comments
Key moments
- 01Story posted
Dec 31, 2025 at 7:02 PM EST
9 days ago
Step 01 - 02First comment
Dec 31, 2025 at 7:03 PM EST
1m after posting
Step 02 - 03Peak activity
72 comments in 0-12h
Hottest window of the conversation
Step 03 - 04Latest activity
Jan 6, 2026 at 2:26 PM EST
3d ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
A "right to rewrite history" that will distort reality for historians in the future.
I hope this is good and turns global. We need this, because consent banners do not work.
The CCPA is far better than the GDPR. For one, they actually managed to make a privacy law that didn't have the knock-on effect of polluting the entire internet with pointless cookie banners. The EU is already making moves to scrap huge parts of their misguided privacy regulations and adopt rules more like what California did with the CCPA.
Unfortunately following the link results in an infinite redirect.
https://consumer.drop.privacy.ca.gov/coming-soon.html
https://consumer.drop.privacy.ca.gov/
And yet, Gemini does not seem to let me delete queries. This is unusual for Google who provides ways to delete pretty much all data on selective basis. Maybe I just can't find the option. Or maybe this option only exists if I'm in the EU
Does DROP let you censor search records?
Though I wonder what the second order effects of this might be. Imagine a service that vets tenants for landlords. If I've had all my data deleted, might I start failing background checks because the sketchy data brokers have no records of me? I fear a future where the complete absence of my data leads to bad side effects.
cough un-ecrypted experian backups getting stolen from a UPS truck at gun-point and nothing else stolen cough
Also you can't delete your own credit history data unless it's proved inaccurate. Though you can't delete freeze it.
The page refers to 500 data brokers, but I’d like to find the complete list they use.
There is a reason the FTC and DOJ force this companies to break up, except they have hordes of lawyers and the law will always be catching up to reality so it doesn't do much in this day and age.
That doesn't match the definition of data broker. It's also a huge stretch, as many companies have subsidiaries and different divisions that are separate legal structures.
If you want to be both obtuse and pedantic about it, the answer is (probably) yes to all three.
1st Amendment: Congress shall make No Law
14th Amendment: Due process... incorporate the Bill of Rights against the states
I often wondered whether the next case after MacDonald vs Chicago and Heller would do the same for the 2nd amendment, i.e. wipe away the ability of cities to require gun licensing and registration.
Yes only CA residents can use this.
Why is this better than requiring deletion?
Perhaps. I just see another compliance-industrial tax on consumers backed up by a nonsense checklist.
> act which mandated deletion in all cases for data once business needs are addressed (often 30--90 days for much data), might address your question
Or opt out by default.
Perhaps California should give counties the power to do that. Then we can watch the experiment for unintended consequences.
I’ll bet most of it depends on how good the certification is.
That's...a really weird phrase. Efficient regulation isn't a tax on consumers, it's protection against unchecked immoral corporations.
Texas is already doing this to track women seeking out-of-state healthcare. Whatever "side" you're on (for that argument): THIS. IS. WRONG.
In addition to ditching your cell phone, consider ditching Texas, too (as a Native™, I did so almost a decade ago). Still toying with the idea of expatriation, but honestly I feel too old for that, now =P
----
We seem to have a lot in common, fellow Xeon-user. My PO Box is in my profile.
It seems mostly all they actually want is replacement slaves, chattel.
I believe it was that same "baby formula survey" that showed the non-christian facilities had a higher chance of donating formula.
Hell is real — it's here on earth — and we create it best for ourselves.
There’s a massive disconnect between people with rules-based morality and people with outcome-based morality. I often see people arguing against abortion bans by saying that they don’t actually cut down on the number of abortions, they just make them more dangerous. Which is entirely missing the point.
They don’t want any particular outcome. They don’t want to save babies, nor do they want replacement slaves. They want the state to punish abortions. That’s the goal in and of itself, it’s not the means to an end.
I don’t endorse any of this. But I think it’s important to understand how people actually think. If you imagine your understanding of morality in someone with a completely different approach, and try to reverse engineer their thinking from their actions on that basis, you’ll end up with something completely wrong.
My most-sobering book read in 2025 was Tim Urban's What's Our Problem — it definitely helped me better understand my two lawyerbros — there is an inner gollum driving everybody, and we need to ascend towards higher thinking.
[•] <https://www.amazon.com/Whats-Our-Problem-Self-Help-Societies...>
Thanks for your perspective.
If you are a Texas resident, you also have a right to request data deletion (or correction) from brokers or other sellers of data, and permanently opt out of personal data profiling for a wide swath of industries including insurance and finance purposes.
Texas is one of the best states for privacy laws, even though we can obviously do better. I'd still like to see a general prohibition on things like flock and more restrictions on ALPRs, but much better than most states.
1. Getting a list of everyone that bought my records from data brokers 2. Reverse record linking to know who joined me, when, where, and how
Just deleting myself from 500 of these databases is a good start that’s decades over due.
Time to flip the scripts.
I think of it as the side effect of first amendment protections that people do not report it for what it is.
-- https://consumer.drop.privacy.ca.gov/
The Delete Act has more teeth. Independent compliance audits begin in 2028 with penalties of $200 per day for failing to register or for each consumer deletion request that is not honored. GDPR spurred organizations to compliance, partly because of the steep penalty (up to €20 million or 4% of revenue, whichever is higher), maybe The Delete Act (and its much smaller penalty) will also spark organizations to comply.
This does feel like an area where there could be useful bipartisan agreement if packaged properly.
This auth.cdt.ca.gov page can’t be found
-- blank page from Chrome.
Imagine that, a government website that's broken. Wait, and I just put in all my personally identifiable info. Grrrrrreat.