KLS Keeping Law Simple Legislation in plain English

Straight-ahead summaries built from the official bill text. We keep the source links front and center and leave the decision up to you.

Back to California

SB-1104 • 2026

California Consumer Privacy Act of 2018: data broker registration: accessible deletion mechanism.

California Consumer Privacy Act of 2018: data broker registration: accessible deletion mechanism.

Children Elections Privacy Technology
Passed Legislature

This bill passed both chambers and reached final enrollment, even if later executive action is not shown here.

Sponsor
Cabaldon
Last action
2026-04-23
Official status
Read second time and amended. Re-referred to Com. on APPR.
Effective date
Not listed

Plain English Breakdown

The official source material does not support the claim about creating an online tool for setting privacy preferences. The bill summary and digest mention establishing a privacy preference tool, but it appears there might be discrepancies or additional details in the full text that are not reflected in the provided summaries.

California Consumer Privacy Act: Data Broker Rules

The bill updates rules for businesses that collect personal information, requiring them to provide an email address for consumer requests and adding requirements for data brokers.

What This Bill Does

  • Requires businesses not operating exclusively online to give consumers an email address for submitting requests about their personal information.
  • Defines a 'direct relationship' between a business and a consumer as when the consumer interacts with the business intentionally, like buying products or services.
  • Specifies that data brokers do not have a direct relationship if they sell personal information outside of interactions expected by the consumer.
  • Requires data brokers to provide more details about selling inferences based on collected data, especially for minors and reproductive health care data.

Who It Names or Affects

  • Businesses that collect personal information from California residents
  • Data brokers who sell consumer data to third parties

Terms To Know

Direct relationship
When a business and a consumer interact intentionally, like when buying products or services.
First party
A company that consumers expect to interact with directly for their needs.

Limits and Unknowns

  • The bill does not specify how the new requirements will be enforced.
  • It is unclear when or if this bill will become law after its current status.

Bill History

  1. 2026-04-23 California Legislative Information

    Read second time and amended. Re-referred to Com. on APPR.

  2. 2026-04-22 California Legislative Information

    From committee: Do pass as amended and re-refer to Com. on APPR. (Ayes 7. Noes 1.) (April 20).

  3. 2026-04-09 California Legislative Information

    From committee with author's amendments. Read second time and amended. Re-referred to Com. on P., D.T., & C.P.

  4. 2026-04-09 California Legislative Information

    Set for hearing April 20.

  5. 2026-02-26 California Legislative Information

    Referred to Com. on P., D.T., & C.P.

  6. 2026-02-17 California Legislative Information

    From printer. May be acted upon on or after March 16.

  7. 2026-02-13 California Legislative Information

    Introduced. Read first time. To Com. on RLS. for assignment. To print.

Official Summary Text

SB 1104, as amended, Cabaldon.
California Consumer Privacy Act of 2018: data broker registration: accessible deletion mechanism.
Existing law, the California Consumer Privacy Act of 2018 (CCPA), grants to a consumer various rights with respect to personal information that is collected by a business.
Existing law generally requires businesses to make certain methods of communication available for consumers to submit personal information requests, including requests for deletion or correction. Existing law requires a business that does not operate exclusively online to make available to consumers at least 2 methods for submitting personal information requests, including, at a minimum, a toll-free telephone number and, if the business maintains an internet website, a website address.
This bill would require that a business that does not operate exclusively online make available to consumers an email address for submitting personal information requests.
Existing law, the California Privacy Rights Act of 2020 (CPRA), an initiative measure approved by the voters as Proposition 24 at the November 3, 2020, statewide general election, amended, added to, and reenacted the CCPA and establishes the California Privacy Protection Agency (agency) and vests the agency with full administrative power, authority, and jurisdiction to enforce the CCPA.
Existing law requires a data broker to register with the agency, and defines “data broker” to mean a business that knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship, subject to specified exceptions.
This bill would define a “direct relationship” as, among other things, when a consumer has intentionally interacted with a business for the purpose of obtaining information about, accessing, purchasing, using, or
requesting the business’s products or services. The bill would
provide that
specify circumstances when
a data broker does not have a “direct
relationship”
relationship,” including
if it sells personal information outside of a “first-party” interaction with the consumer. The bill would define a “first party” as a consumer-facing business with which the consumer intends and expects to interact.
Existing law requires a data broker, in registering with the agency, to provide specified information, including, among other things, whether the data broker collects the personal information of
minors or a consumer’s reproductive health care data.
Existing law requires the agency to establish an accessible deletion mechanism that, among other things, allows a consumer to request that a specified data broker delete any personal information related to that consumer held by the data broker or associated service provider or contractor.
This bill would require a data broker to provide additional information to the agency regarding whether the data broker sells inferences about the attributes of the consumer based on their analysis of specified data, including the personal information of minors and a consumer’s reproductive health care data.
Existing law requires the agency to establish an accessible deletion mechanism that, among other things, allows a consumer to request that a specified data broker delete any personal information related to that consumer held by the data broker or associated service provider or contractor.
Existing law establishes the Office of Data and Innovation (office) within the Government Operations Agency with a mission to deliver better government services to the people of California through technology and service innovation, data, and design.
This bill would require the
agency
office
to establish
an online tool
a privacy preference tool
to enable a consumer to define and store a privacy preference profile regarding data broker data collection and use
practices.
practices, among other things.
The bill would require the tool to, among other things,
identify and categorize registered data brokers whose practices are consistent or inconsistent with a consumer’s privacy preferences based on a data broker’s most recent registration disclosures to the agency.
evaluate relevant privacy, data management, and practice and policies against the consumer’s preference profile. The bill would require the office to make the online tool available to other state agencies, including the agency.
The bill would require the tool to permit the exclusion of brokers categorized as consistent from a deletion request, as provided, and would require the agency to store consumer profiles and notify consumers of specific data broker registration changes. The bill would authorize specified enforcement on a data broker who provides systematically incomplete information material to the privacy preference profile tool.
This bill would declare that its provisions further the purposes and intent of the California Privacy Rights Act of
2020.

Current Bill Text

Read the full stored bill text 
Download Bill PDF