DELETE Act
Sponsored By: Senator Bill Cassidy
Introduced
Summary
A centralized deletion system giving people a one-stop way to ask data brokers to erase personal information and stop future collection. This bill would create an FTC‑administered national website and hashed registries to match a single deletion request to all registered data brokers, require standardized forms and persistent identifiers, and give the Federal Trade Commission authority to write rules and enforce compliance.
Your PRIA Score
Personalized for You
How does this bill affect your finances?
Sign up for a PRIA Policy Scan to see your personalized alignment score for this bill and every other piece of legislation we track. We analyze your financial profile against policy provisions to show you exactly what matters to your wallet.
Bill Overview
Analyzed Economic Effects
5 provisions identified: 2 benefits, 1 costs, 2 mixed.
One-stop deletion for your data
If enacted, you would be able to submit one online deletion request to remove your personal data from all registered data brokers. The FTC would have 1 year to write rules and set up the online system. The form would ask for email, phone, address, and other identifiers. The system would salt and hash submissions and keep separate hashed registries. You would not be charged to make a deletion request. Brokers must check the registries at least every 31 days and delete matched records within 31 days after checking, starting no later than 8 months after the rules take effect.
Data broker registration and fees
If enacted, data brokers would have to register with the FTC within 18 months and renew each year. Brokers must give contact details, describe their data types and sources, and follow a standardized disclosure form. Brokers that keep persistent identifiers would pay an annual subscription fee to access the centralized system. The fee could not exceed 1% of the system's expected yearly operating cost. Amounts collected would be available to the FTC without further appropriation to run and enforce the law.
FTC enforcement and state preemption
If enacted, violations would be treated as unfair or deceptive acts under the FTC Act, letting the FTC use its usual enforcement powers. The FTC would be required to write rules under federal rulemaking procedures. The bill would preempt state privacy laws only when they conflict with this act. State laws that give more protection to people would still stand.
Broker audits and limited retention
If enacted, every registered data broker would undergo an independent third-party audit within 3 years and every 3 years after. Brokers must give audit reports to the FTC within 6 months and keep audit materials for at least 6 years. Brokers could only retain personal data in narrow cases, like compliant human-subjects research, legal obligations, or other enumerated exceptions. Any retained data must be used only for the stated purpose and not for marketing.
Who counts as a data broker
If enacted, the bill would define a 'data broker' as an entity that collects personal information about someone without a direct customer relationship and then sells or shares it. The law would list many types of personal information covered, such as names, addresses, IP addresses, geolocation, biometric data, browsing history, and financial data. It would also list several exclusions, like consumer reporting agencies, news reporting, identity verification, and certain directory services.
Sponsors & CoSponsors
Sponsor
Bill Cassidy
LA • R
Cosponsors
Jon Ossoff
GA • D
Sponsored 4/3/2025
Sen. Luján, Ben Ray [D-NM]
NM • D
Sponsored 4/3/2025
Roll Call Votes
No roll call votes available for this bill.
View on Congress.govTake It Personal
Get Your Personalized Policy View
Start a Free Government Policy Watch to see how policy affects your household, then upgrade to PRIA Full Coverage for year-round monitoring.
Already have an account? Sign in