Deleting Data Is Not the Same as Owning It

California’s DROP is real progress, but deletion is the defensive version of control. Ownership has to mean more than removal.

Published 2026-05-30 · Updated 2026-05-30

Why this matters

California now has something privacy should have had years ago: a single place where a person can ask data brokers to delete their information.

It is called DROP, short for Delete Request and Opt-out Platform. The official page says it lets California residents send one request to more than 500 registered data brokers. Starting August 1, 2026, those brokers must delete the person’s data within 90 days. The California Privacy Protection Agency’s broker guidance also says data brokers must access the deletion mechanism at least once every 45 days and process deletion requests, subject to limited exceptions.

That is real progress.

It matters because the old model was absurd. If your privacy depends on finding each broker, understanding each form, proving yourself repeatedly, and hoping each company processes the request correctly, then privacy has quietly become an administrative job. Most people already have one of those.

DROP makes the job smaller. That is good.

But it also exposes a larger problem: deleting data is not the same as owning it.

Worked example

Deletion is the defensive version of control. It says: stop selling this, stop circulating this, stop letting strangers package fragments of my life into something I never asked for.

Sometimes that is exactly what people need. There is data that should not be floating around in broker databases at all.

Ownership asks a different question.

What should I be able to do with my own data when I want to use it for myself?

That question is still strangely underdeveloped. A lot of privacy law and product design is built around removal, access, consent, or compliance. Those are useful tools, but they do not automatically turn personal data into something a person can understand, move, improve, or put to work.

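| Control type | What it gives you | What it does not give you |
|--------------|-------------------|---------------------------|
| Deletion     | Less exposure     | Useful personal context   |
| Access       | A copy            | A working tool            |
| Portability  | Movement          | Meaning                   |
| Ownership    | Leverage          | Automatic safety          |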

That last row matters. Ownership is not magic. Owning data does not automatically make it safe, useful, or valuable. A messy export sitting in a ZIP file is technically yours, but it is not doing much for you. It is like being handed a box of receipts and told you now own your financial history.

Still, the distinction matters because the next wave of AI will make personal context more valuable.

The most useful AI tools will not only answer generic questions. They will understand the user’s preferences, work, relationships, habits, constraints, documents, history, and intent. In other words, they will become better when they have access to the kind of context that data brokers, platforms, apps, and devices already collect in fragments.

So deletion cannot be the final horizon.

A delete button protects you from some uses of your data. It does not help you benefit from the data you created.

Limitations / not a fit

The better future has both. People should be able to make brokers delete data they should never have been trading in the first place. They should also be able to keep a usable, private, self-controlled version of the data that can help them.

That could mean a personal AI that remembers what the user wants it to remember, not what a platform happens to retain. It could mean exported chat histories that become legible, searchable, and useful. It could mean private local tools that help someone reflect on their own patterns without handing those patterns to another market.

The important thing is not to confuse removal with agency.

DROP is a good step because it reduces exposure and friction. It gives people a practical way to say no to a system that was never designed around their convenience.

But the deeper question is what comes after no.

Sources