Companies should conduct a comprehensive review to ensure they’re not sharing sensitive data about Americans with foreign adversaries and violating federal law, the FTC said Monday in letters to 13 data brokers.
Data Brokers and Delete Acts
Data brokers aggregate and sell personal data—often without clear user awareness. In response, many U.S. states are passing “delete acts” and other laws to increase transparency, require registration and give users control over data sales. These laws will reshape compliance and collection practices for brokers and companies relying on third-party data. This page tracks legislation, rulemaking and enforcement trends affecting the data brokerage industry.
Virginia lawmakers continued to narrow what privacy bills could pass before this year’s session comes to an end in mid-March. At a Monday meeting, the House Communications Committee voted unanimously by voice to punt bills on AI chatbots (HB-635) and data brokers (HB-638), both by Rep. Michelle Maldonado (D), until 2027.
The sponsor of a Washington state data broker registration measure reluctantly supported advancing her bill after the House Consumer Protection Committee adopted two exemption amendments she opposed. At a webcast meeting Wednesday, the committee voted 8-7 to advance HB-2483 after carving out first-party entities and those who publish publicly available information.
Two years after the Connecticut Data Privacy Act (CTDPA) took effect, consumers still complain about unsuccessful attempts to exercise their data rights, said the state's office of attorney general (OAG) in a report Thursday. Another top consumer issue, data breaches, elicited more than 60 complaints last year, it said.
Colorado in 2026 will prioritize privacy enforcement on issues related to children’s data, biometric data, data broker sales and mobile-app tracking activity, Assistant Attorney General Andrea Lowe said at Privado’s Bridge Summit event on Thursday.
A Virginia location privacy bill won unanimous support in the Senate on Tuesday. State senators voted 39-0 for SB-338, sending it to the House.
The California Privacy Protection Agency will seek to illuminate how California Consumer Privacy Act (CCPA) rights work in the employment context through an upcoming rulemaking, CalPrivacy Executive Director Tom Kemp said in a keynote at compliance vendor Privado’s Bridge Summit event Wednesday. The agency plans to discuss a timeline for comments on that and other potential rulemakings at the CalPrivacy Board’s Feb. 27 meeting, he said.
Data brokers should prepare now to comply with the California Delete Request and Opt-out Platform (DROP), Kelley Drye attorneys Aaron Burstein and Celine Guillou blogged Monday. “Preparing to use the DROP requires data brokers to thoroughly understand their data and data flows and implement new processes to interact with the platform.”
French watchdog CNIL's 2026-2028 work program aims to deepen its understanding of business models related to personal data and to better measure the effect of its decisions, including more economic analysis of the impact of the GDPR, it said Monday.
State legislatures last month saw a rush of bills seeking to protect kids online, rein in data brokers and stop so-called surveillance pricing, Troutman privacy attorney David Stauss blogged Sunday.