Sponsors
The bill gives individuals a simpler way to request deletion of their data and increases transparency and oversight of data brokers, but it centralizes sensitive information, may weaken stronger state protections, and creates compliance costs and disclosure gaps that could harm consumers.
Individuals — particularly uninsured people, low-income people, and people with disabilities — can submit a single deletion request to remove their personal data held by registered data brokers, increasing individual control over personal information.
The bill requires reasonable administrative, physical, and technical safeguards for the centralized deletion system, reducing some risk to personal information submitted for deletion.
Registered data brokers must appear in a public, machine-readable registry that discloses which entities collect personal data and their collection sources, improving transparency about data collection practices.
All Americans face increased risk because centralizing sensitive identifiers and contact data (even hashed) creates a high-value target: a breach could expose many individuals' data.
Residents of states with stronger privacy laws could lose protections because the bill preempts inconsistent state privacy laws, creating a weaker national floor in some places.
Data brokers will face higher compliance costs (registration, hashing, audits, deletion timelines, fees) that are likely passed on to consumers and small-business clients through higher prices or fees.
Based on analysis of 2 sections of legislative text.
Requires the FTC to create an annual data-broker registry and a centralized portal to let individuals request deletion and opt-out of future collection across registered brokers.
Introduced April 2, 2025 by Lori Trahan · Last progress April 2, 2025
Creates an FTC-run system requiring data brokers to register annually and letting people submit a single deletion/opt-out request to remove their personal information from participating brokers. The FTC must write rules within one year and set up a centralized, secure portal; brokers must register within 18 months and provide standardized information (with some trade-secret protections). The system must allow individuals to request deletion of persistent identifiers and stop future collection unless they opt otherwise, and the FTC must publish registration data in machine-readable form unless disclosure would harm public safety or welfare. The law includes security and disclosure safeguards and allows limited protection for trade secrets.