Account cancellation.
- Requires large social platforms earning over $100M to provide a clear Delete Account button.
- Provides steps to delete the account and information and prohibits dark patterns.
- Enforcement relies on the CCPA; no new penalties or state funding are created.
Schiavo, joined by Lowenthal, proposes a new civil code framework that would require large social media platforms to provide a clearly labeled Delete Account button and a guided flow for terminating both the account and associated personal information, with the deletion request aligned to California’s privacy law. The scope applies to platforms that generate more than $100 million in annual gross revenues, and the new provisions would sit alongside existing definitions for clear and conspicuous interfaces, dark patterns, personal information, and social media platforms.
Under the proposal, the Delete Account button must be prominently placed in settings and accessible across apps and browsers. When activated, platforms would provide steps to complete the deletion and to remove personal information; verification must be cost-effective and user-friendly via methods such as two-factor authentication, email, text, or phone confirmation. Platforms would be prohibited from obstructing deletion or using dark patterns, and a deletion request would be treated as a deletion request under the California Privacy Act and processed accordingly. A user login after submitting a deletion request would not automatically revoke the request.
Enforcement is not separate from existing law; the bill does not create new penalties or a dedicated enforcement agency. Instead, deletion requests would be processed under the California Privacy Act’s deletion provisions. The act does not specify an explicit effective date or funding, but it does specify severability and a prohibition on waivers. The applicability hinges on the revenue threshold and the cross-reference to existing definitions.
Findings accompanying the measure cite concerns about adolescent risk and the potential for addictive use of digital platforms, along with concerns that deletion interfaces vary and may employ obfuscation. Stakeholders include platforms subject to the rule, users seeking straightforward deletion, and privacy regulators interpreting CCPA-related obligations. The proposal would integrate the delete-account workflow with the state’s privacy rights framework, potentially affecting how platforms design user interfaces and manage data deletion across devices and formats, while leaving existing privacy enforcement channels in place.
 Josh LowenthalD Assemblymember | Bill Author |  Not Contacted | |
 Pilar SchiavoD Assemblymember | Bill Author | Not Contacted |
Email the authors or create an email template to send to all relevant legislators.
Introduced By
Latest Voting History
| Ayes | Noes | NVR | Total | Result |
|---|---|---|---|---|
| 77 | 0 | 3 | 80 | PASS |
- Requires large social platforms earning over $100M to provide a clear Delete Account button.
- Provides steps to delete the account and information and prohibits dark patterns.
- Enforcement relies on the CCPA; no new penalties or state funding are created.
Email the authors or create an email template to send to all relevant legislators.
Introduced By
Schiavo, joined by Lowenthal, proposes a new civil code framework that would require large social media platforms to provide a clearly labeled Delete Account button and a guided flow for terminating both the account and associated personal information, with the deletion request aligned to California’s privacy law. The scope applies to platforms that generate more than $100 million in annual gross revenues, and the new provisions would sit alongside existing definitions for clear and conspicuous interfaces, dark patterns, personal information, and social media platforms.
Under the proposal, the Delete Account button must be prominently placed in settings and accessible across apps and browsers. When activated, platforms would provide steps to complete the deletion and to remove personal information; verification must be cost-effective and user-friendly via methods such as two-factor authentication, email, text, or phone confirmation. Platforms would be prohibited from obstructing deletion or using dark patterns, and a deletion request would be treated as a deletion request under the California Privacy Act and processed accordingly. A user login after submitting a deletion request would not automatically revoke the request.
Enforcement is not separate from existing law; the bill does not create new penalties or a dedicated enforcement agency. Instead, deletion requests would be processed under the California Privacy Act’s deletion provisions. The act does not specify an explicit effective date or funding, but it does specify severability and a prohibition on waivers. The applicability hinges on the revenue threshold and the cross-reference to existing definitions.
Findings accompanying the measure cite concerns about adolescent risk and the potential for addictive use of digital platforms, along with concerns that deletion interfaces vary and may employ obfuscation. Stakeholders include platforms subject to the rule, users seeking straightforward deletion, and privacy regulators interpreting CCPA-related obligations. The proposal would integrate the delete-account workflow with the state’s privacy rights framework, potentially affecting how platforms design user interfaces and manage data deletion across devices and formats, while leaving existing privacy enforcement channels in place.
Latest Voting History
| Ayes | Noes | NVR | Total | Result |
|---|---|---|---|---|
| 77 | 0 | 3 | 80 | PASS |
Josh LowenthalD Assemblymember | Bill Author | Not Contacted | |
Pilar SchiavoD Assemblymember | Bill Author | Not Contacted |