KLS Keeping Law Simple Legislation in plain English

Straight-ahead summaries built from the official bill text. We keep the source links front and center and leave the decision up to you.

Back to California

SB-1104 • 2026

California Consumer Privacy Act of 2018: data broker registration: accessible deletion mechanism.

California Consumer Privacy Act of 2018: data broker registration: accessible deletion mechanism.

Children Elections Privacy Technology
Passed Legislature

This bill passed both chambers and reached final enrollment, even if later executive action is not shown here.

Sponsor
Cabaldon
Last action
2026-05-14
Official status
May 14 hearing: Held in committee and under submission.
Effective date
Not listed

Plain English Breakdown

Using official source text because the generated explanation was unavailable or could not be confirmed against the official bill text.

California Consumer Privacy Act of 2018: data broker registration: accessible deletion mechanism.

SB 1104, as amended, Cabaldon.

What This Bill Does

  • SB 1104, as amended, Cabaldon.
  • California Consumer Privacy Act of 2018: data broker registration: accessible deletion mechanism.
  • Existing law, the California Consumer Privacy Act of 2018 (CCPA), grants to a consumer various rights with respect to personal information that is collected by a business.
  • Existing law generally requires businesses to make certain methods of communication available for consumers to submit personal information requests, including requests for deletion or correction.

Limits and Unknowns

  • This entry is temporarily using official source text because the generated explanation could not be confirmed against the official bill text during the last sync.

Bill History

  1. 2026-05-14 California Legislative Information

    May 14 hearing: Held in committee and under submission.

  2. 2026-05-12 California Legislative Information

    Set for hearing May 14.

  3. 2026-05-11 California Legislative Information

    May 11 hearing: Placed on APPR. suspense file.

  4. 2026-05-04 California Legislative Information

    Set for hearing May 11.

  5. 2026-04-23 California Legislative Information

    Read second time and amended. Re-referred to Com. on APPR.

  6. 2026-04-22 California Legislative Information

    From committee: Do pass as amended and re-refer to Com. on APPR. (Ayes 7. Noes 1. Page 3957.) (April 20).

  7. 2026-04-09 California Legislative Information

    From committee with author's amendments. Read second time and amended. Re-referred to Com. on P., D.T., & C.P.

  8. 2026-04-09 California Legislative Information

    Set for hearing April 20.

  9. 2026-02-26 California Legislative Information

    Referred to Com. on P., D.T., & C.P.

  10. 2026-02-17 California Legislative Information

    From printer. May be acted upon on or after March 16.

  11. 2026-02-13 California Legislative Information

    Introduced. Read first time. To Com. on RLS. for assignment. To print.

Official Summary Text

SB 1104, as amended, Cabaldon.
California Consumer Privacy Act of 2018: data broker registration: accessible deletion mechanism.
Existing law, the California Consumer Privacy Act of 2018 (CCPA), grants to a consumer various rights with respect to personal information that is collected by a business.
Existing law generally requires businesses to make certain methods of communication available for consumers to submit personal information requests, including requests for deletion or correction. Existing law requires a business that does not operate exclusively online to make available to consumers at least 2 methods for submitting personal information requests, including, at a minimum, a toll-free telephone number and, if the business maintains an internet website, a website address.
This bill would require that a business that does not operate exclusively online make available to consumers an email address for submitting personal information requests.
Existing law, the California Privacy Rights Act of 2020 (CPRA), an initiative measure approved by the voters as Proposition 24 at the November 3, 2020, statewide general election, amended, added to, and reenacted the CCPA and establishes the California Privacy Protection Agency (agency) and vests the agency with full administrative power, authority, and jurisdiction to enforce the CCPA.
Existing law requires a data broker to register with the agency, and defines “data broker” to mean a business that knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship, subject to specified exceptions.
This bill would define a “direct relationship” as, among other things, when a consumer has intentionally interacted with a business for the purpose of obtaining information about, accessing, purchasing, using, or
requesting the business’s products or services. The bill would
provide that
specify circumstances when
a data broker does not have a “direct
relationship”
relationship,” including
if it sells personal information outside of a “first-party” interaction with the consumer. The bill would define a “first party” as a consumer-facing business with which the consumer intends and expects to interact.
Existing law requires a data broker, in registering with the agency, to provide specified information, including, among other things, whether the data broker collects the personal information of
minors or a consumer’s reproductive health care data.
Existing law requires the agency to establish an accessible deletion mechanism that, among other things, allows a consumer to request that a specified data broker delete any personal information related to that consumer held by the data broker or associated service provider or contractor.
This bill would require a data broker to provide additional information to the agency regarding whether the data broker sells inferences about the attributes of the consumer based on their analysis of specified data, including the personal information of minors and a consumer’s reproductive health care data.
Existing law requires the agency to establish an accessible deletion mechanism that, among other things, allows a consumer to request that a specified data broker delete any personal information related to that consumer held by the data broker or associated service provider or contractor.
Existing law establishes the Office of Data and Innovation (office) within the Government Operations Agency with a mission to deliver better government services to the people of California through technology and service innovation, data, and design.
This bill would require the
agency
office
to establish
an online tool
a privacy preference tool
to enable a consumer to define and store a privacy preference profile regarding data broker data collection and use
practices.
practices, among other things.
The bill would require the tool to, among other things,
identify and categorize registered data brokers whose practices are consistent or inconsistent with a consumer’s privacy preferences based on a data broker’s most recent registration disclosures to the agency.
evaluate relevant privacy, data management, and practice and policies against the consumer’s preference profile. The bill would require the office to make the online tool available to other state agencies, including the agency.
The bill would require the tool to permit the exclusion of brokers categorized as consistent from a deletion request, as provided, and would require the agency to store consumer profiles and notify consumers of specific data broker registration changes. The bill would authorize specified enforcement on a data broker who provides systematically incomplete information material to the privacy preference profile tool.
This bill would declare that its provisions further the purposes and intent of the California Privacy Rights Act of
2020.

Current Bill Text

Read the full stored bill text 
Download Bill PDF