Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
From Colin Leher and You take the apodacaCalmness
!["Illustration]("https://i0.wp.com/calmatters.org/wp-content/uploads/2025/08/080725-OPT-OUT-HIDDEN-GH-CM_100.png?fit=1200%2C800&ssl=1")
This story was originally published by CalmattersS Register about their ballots.
California law requires data brokers to provide ways for users to request their data to be deleted. But luck to find them.
More than 30 of companies that collect and sell personal information to users have hidden their Google deletion instructions according to a review of the marking and the calm of hundreds of broker websites. This creates another obstacle for users who want to delete their data.
Many of the pages containing the instructions listed in an official state register, use code To tell search engines yes Remove the page entirely From the search results. Popular instruments such as Google and Bing Respect the code by turning off the pages when you respond to users.
Data brokers nationwide must register in California by State Consumer Privacy Actwhich allows the Californians to ask for their information to be removed, it should not be sold, or they have access to it.
After reviewing the websites of all 499 data broker registered We found the condition that 35 have a code to stop showing certain pages in searches.
Although these companies can execute the letter of the law by providing a page that users can use to delete their data, it means little if these users cannot find the page, according to Matthew Schwartz, a political analyst at Consumer Repords, which studies the California Law, and other confidential issues.
“It sounds like a smart job to me to make it as difficult for users as difficult to find it,” Schwartz said.
After marking and tranquility contacted data brokers, Seven said they would review the code on their websites or remove it completely, and the other two said they had deleted the code independently before connecting. The marking and CalMatters confirmed eight of the nine companies removed the code.
Two companies said they had added the code intentionally to avoid spam on the recommendation of experts and would not change it. The other 24 companies did not respond to a request for comment; However, three removed the code after marking and Calmatters contacted them.
(S)See data on our GitHub Repo.)
“It sounds like a smart job to me to make it as difficult for users as difficult to find it.”
Matthew Schwartz, Analyzer of Politics, Consumer Reports
Most of the companies that answered said they did not know the code was on their pages.
“The presence of (code) on our refusal page was really supervision and not intentional,” said the fourth data company on Data fourth wall, “said in response by email. “Our team immediately resolved the problem after being informed. As a standard practice, all critical pages-including refusal and privacy pages designed to be indexed by default to ensure maximum visibility and accessibility.” The marking and CalMatters confirmed that the code was removed as of July 31.
Some companies that hid their search engine privacy instructions included a small link at the bottom of their homepage. Access to it often requires the scroll of several screens, rejecting pop -ups for cookie and newsletter permissions, and then finding a link that is a fraction with the size of another text on the page.
Thus, users are still facing a serious obstacle when trying to erase their information.
Take Refusal for SteppedA service offered by Kloudend, Inc, which finds the physical locations of Internet visitors based on their IP addresses. People can go to the company’s website to ask the company to “do not sell” their personal data or to refer to their “right to delete it” – but they would have problems finding the form as it contained a code that excludes it from the search results. A Kloudend spokesman described the code as “supervision” and said the page had been changed to be visible to search engines; The marking and CalMatters confirmed that the code was removed as of July 31.
Telesign, a company that advertises services to prevent business fraud, offers simple form To “delete data” and “Give up / don’t sell”. But this form is hidden from search engines and other automated systems and is not connected to its homepage.
Instead, users should look for about 7,000 words in a Legalye confidentiality policy to find a link to the page.
TELESIGN spokesman did not answer a request for comment.
!["Data]("https://datawrapper.dwcdn.net/id2I6/full.png")
Five of the pages listed in the California register not only are not indexed for search but do not exist. For example, a company called BrightCheck, which offers "identity check -managed by AI" lists Page with Privacy Instructions in the California register. But when the marking and Calmatters visited the page at the end of July, we found an announcement that the page no longer existed. The page was there on March 18, when the marking and Calmatters first scanned the site and the Wayback machine has Page archive Since February 14th.
Brightcheck did not answer a request for comment.
Ccpa
The Consumer Privacy Act in California came into force in 2020, managing companies that make the bigger part of their revenue from selling consumer data or which make more than $ 25 million a year or deal with more than $ 100,000 data. Without a comprehensive federal law of confidentiality, the law is among the few regulations that must comply with the data brokers.
The largest database of brokers in California lists nearly 500 companies, most of which users have probably never heard. These include companies with Zippy start-up names such as Statsocial and Uplead and offer everything-from email marketing tools to contact directories. Calmatters Last year published a guide with information How users can exercise their rights using the database or tools of third parties and how they can request the deletion of their children's information.
Tom Camp, the CEO of the enterprise, charged with the implementation of the Privacy Act, the California Protection Agency, said in an interview that the agency had reproduced the marking and findings of Calmatters. While he refused to comment on the practices of each particular company he pointed to Implementation From the Dark Model Agency, which are design choices that have "a significant effect of undercutting or breaching autonomy, decision making or the choice of the user."
If a company finds it difficult to remove its personal data rather than contribute to it, or involves excessive jargon or other obstacles so that users can skip to remove it, according to consultations, they may violate the law.
This year, the Privacy Agency has taken action to apply against companies, including Todd Snyder and Honda for, among other violations, which makes it too difficult to choose not to use their data. Todd Snyder Pay nearly $ 350,000 fine This year while Honda agreed to PAY More than $ 630,000. They both agreed to repair their privacy practices.
Kemp said that when determining whether a company has violated the Privacy Act, it is important to determine whether there is a model of activity that makes it difficult for users to exercise their rights. Hiding a page with privacy instructions may be the first "thread" when determining whether a company is hindering its duties.
In the past, other companies have been criticized for hiding important web pages from search engines. In 2019, Propublica revealed how the company behind the TUBOTAX tax services is effectively allowed Hide an option For users to file their taxes for free. A A report of 2021 by Wall Street Journal found that hospitals hide prices they were obliged to publish According to federal rules of transparency.
Acknowledging that most Californians have never heard of hundreds of companies in the data broker register, legislators in California have recently adopted the Delete Act. The law will create a system called Platform to delete a request and refusalor a drop that will allow California users to send a single, legitimate request to all data brokers in the register at one time. The Privacy Agency intends to start it next year.
This article was Originally Published on CalMatters and was reissued under Creative Commons Attribution-Noncommercial-Noderivatives License.
