A new law considered among the strictest in the United States regarding data privacy took effect in California at the start of the year, aiming to empower residents to control their personal information held by data brokers. The California Privacy Protection Agency estimates that over 500 companies actively collect and sell individuals' data to various entities, including marketers and private investigators.

Consumer Watchdog reported in 2024 that these brokers gather information from diverse sources, such as automakers, tech companies, and fast-food chains, compiling data on individuals' finances, purchases, family situations, eating habits, exercise routines, travel, and entertainment preferences. The new law builds upon the Delete Act, enacted two years prior, which mandated data brokers to provide residents with access to their data and the ability to request its deletion.

The California law reflects a growing global trend towards stricter data protection regulations. The European Union's General Data Protection Regulation (GDPR), implemented in 2018, set a precedent for comprehensive data privacy laws, granting individuals significant control over their personal data and imposing hefty fines for non-compliance. Similar laws have since been enacted in countries around the world, including Brazil (Lei Geral de Proteção de Dados Pessoais - LGPD) and India (Personal Data Protection Bill).

While proponents of the California law argue it is a crucial step in protecting consumer privacy, some industry analysts express concerns about its potential impact on businesses that rely on data for marketing and advertising. They argue that overly strict regulations could stifle innovation and limit the ability of companies to personalize services for consumers. The law's effectiveness in curbing data broker activities and its broader economic consequences remain to be seen.