California's Governor Newsom signs laws on right to repair and data deletion

'Digital emancipation proclamation' praised by tech tinkerers, but info brokers aren't happy

On Tuesday, California's Governor Gavin Newsom signed two law bills that give people more control over their devices and their data, the Right to Repair Act and the Delete Act.

With the signing of the Right to Repair Act (SB 244), California becomes the fourth state to enact such rules, following New York, Colorado, and Minnesota – or the third to focus specifically on electronic devices, given that Colorado's law addresses fixing farm equipment.

"I'm thrilled that the Governor has signed the Right to Repair Act into law," said California Senator Susan Eggman, who introduced the bill, in a statement. "As I’ve said all along, I’m so grateful to the advocates fueling this movement with us for the past six years, and the manufacturers that have come along to support Californians’ Right to Repair."

Indeed, Apple, which for years lobbied against repair requirements, offered a qualified endorsement of the bill in August. Cupertino's capitulation reflects the broad support for the right to repair around the US. In 2023, at least 30 states have introduced Right to Repair bills.

According to a survey conducted by Consumer Reports last year, 84 percent of Americans support policies that require vendors to make parts and documentation available to independent repair shops that cater to folks.

"This is not just legislation; it's a seismic shift in how we relate to our gadgets and who gets to fix them," said The Repair Association - a consortium of repairs businesses - in a statement on Tuesday. "This law marks a turning point, resembling a digital emancipation proclamation."

Easier access to electronics repairs reduces the financial burden of purchasing new items and the environmental impact of mining for materials to make electronics. Plus, people who buy equipment like to be able to get it repaired without paying whatever manufacturers deem fitting.

However, SB 244 is limited in its scope and does not entirely eliminate ways in which product makers can influence how repairs get handled. For example, it doesn't require that manufacturers disable security features – an issue in the past for shops trying to fix iPhone components tied to Face ID and Touch ID. And it only applies to products made in 2021 or later.

And on the privacy side

The Delete Act (SB 362), introduced by California Senator Josh Becker (D-Silicon Valley), requires that data brokers operating in the state register with the California Privacy Protection Agency (CPPA) and report the types of personal information that they collect or face penalties for non-compliance.

It also directs the three-year-old CPPA to create a web portal by 2026 where folks can submit a request, without charge, to all data brokers at once to remove their personal information. Similar paid subscription services like Abine's DeleteMe already exist as an alternative to the current onerous process, where data removal requests must be submitted to each data broker individually.

The Delete Act has been cited as a way for people to control data about their reproductive healthcare, geolocation, purchases, and other services. Such data has become more of a legal risk in certain states following the US Supreme Court's 2022 Dobbs v. Jackson decision that eliminated federal legal protection for abortion.

The Consumer Data Industry Association (CDIA), a data broker trade group, opposed the legislation.

"The bill undermines consumer fraud protections, hurts small businesses’ ability to compete, and solidifies the big platforms' data dominance," said Dan Smith, president and CEO of the CDIA, in a statement last month.

"It also empowers third parties to request to delete consumers’ data with no guardrails. That could incentivize a cottage industry of groups to mislead consumers into paying for services they don’t understand."

While Smith warns that the bill's authors underestimate the bill's fiscal impact on Californians, the legislation says that costs will be borne by data brokers, through the Data Brokers’ Registry fee and fines for non-compliance. ®

More about


Send us news

Other stories you might like