
We live in time when almost everything we do leaves a digital trace: from the photos we share to the places we visit, the products we search for or the messages we write. That trace, which defines our digital identity, is both a valuable asset and a double-edged sword.
The social platforms and data brokers that sell and buy our personal information have created an opaque market where our private life is a commodity. Which is why California’s decision to enable legal tools such as the Delete Request and Opt-Out Platform (DROP) so its residents can demand the removal of their data from these brokers is welcome news: recognition, at least in some places, that the current model is not sustainable and that our privacy must be safeguarded by specific laws.
California’s legislation, through the California Consumer Privacy Act (CCPA), and more recently the California Delete Act, attempts to rectify the structural imbalance whereby we as individuals have very few effective tools to exercise real control over what is known about us. But now, through the DROP platform, residents can submit a single request for more than 500 registered data brokers to delete their personal information, which was only possible before through fragmented and inefficient processes with each company individually.
As well as reducing the amount of targeted advertising or spam we receive, these legal initiatives raise the deeper question about the value and meaning of privacy in a digital world. The right to decide what is shared, with whom and under what conditions collides with a business model based on mass capture and indiscriminate monetization of data.
Europe’s General Data Protection Regulation (GDPR), has gone even further by enshrining data protection as a fundamental right and setting strict obligations for any entity that handles the data of European residents, regardless of where the company is located. This approach recognizes that in the 21st century, personal data is an extension of our personality and that its processing cannot be at the mercy of algorithms or unreadable terms of use.
Comparing the EU and US approaches helps puts California’s progress in context: while the GDPR articulates a broad framework of rights, including the conceptually erroneous “right to be forgotten”, and obligations for processors and data controllers, in the United States regulation has historically been fragmented and sectoral, leaving states like California at the forefront of protection that does not yet exist at the federal level. The Delete Act and DROP are an attempt to centralize and simplify the exercise of rights that until now have proved illusory in practice.
However, it is not just a matter of putting a tool in our hands. Previous experience with laws such as the CCPA has shown that the existence of rights does not guarantee their effective exercise. Academic research has indicated that many data brokers systematically fail to comply with their obligations. This is not a minor flaw: it underscores that without real oversight and sanctions, even the best laws designed with the best intentions can remain a dead letter.
The entry into force of the DROP on 1 January 2026 is, therefore, a technical and symbolic advance. Symbolic, because it expresses the idea that a state can intervene to restore a certain balance in a market where the information asymmetry means most people simply accept being monitored and profiled. Technical, because the platform has to work with verification, security and compliance standards that have not been easy to define or implement.
The challenge will be to force brokers to comply with data deletion and preventing them from hiding their data cancellation pages, meaning the authorities must be willing to punish infringements. Cases in which data brokers have hidden data exclusion tools from search engines show that the industry continues to avoid the spirit of the law.
Beyond California and Europe, other places are watching these changes closely. Growing social and political pressure to protect privacy is leading many countries to strengthen their legal frameworks or create new horizons of digital rights. Even in Spain, where the Spanish Data Protection Agency handles thousands of complaints a year, tensions between technological innovation and safeguarding rights are a recurring topic on the public agenda.
In the final analysis, our privacy will not be protected solely by specific laws; it requires social and technical practices that make data control real. Legal tools are indispensable, but without a critical understanding of what it means to own our digital identity and the risks we run if we do not, we will continue to be at the mercy of interests that treat our data as an economic resource. The debate on privacy, far from being closed, is at a turning point in the transformation of our relationship with technology, with enormous implications for democracy, the economy and individual freedom in the digital age.
—
This post was previously published on Enrique Dans’ blog.
***
You Might Also Like These From The Good Men Project
If you believe in the work we are doing here at The Good Men Project, please join us as a Premium Member today.
All Premium Members get to view The Good Men Project with NO ADS.
Need more info? A complete list of benefits is here.
Photo credit: iStock





