How to Opt Out of Data Brokers in Delaware

Delaware residents gained significant privacy protections when the Delaware Personal Data Privacy Act (DPDPA) took effect on January 1, 2025. The law gives you the right to opt out of data sales, targeted advertising, and profiling, and it requires businesses to honor universal opt-out signals like Global Privacy Control. Here is how to use these rights to remove your personal information from data brokers operating in Delaware.

The Delaware Personal Data Privacy Act: What You Need to Know

The DPDPA was signed into law as HB 154, with most provisions taking effect on January 1, 2025. It applies to entities that process the personal data of at least 35,000 Delaware consumers, or at least 10,000 consumers if more than 20% of the entity's revenue comes from data sales. This threshold captures the vast majority of data brokers and people search sites that profit from collecting and selling your personal information.

The law initially included a 60-day cure period that allowed businesses to fix violations before facing penalties. That cure period expired on December 31, 2025, meaning businesses can now face enforcement action immediately upon violation.

Your Rights Under the DPDPA

As a Delaware resident, you have the right to:

• Access the personal data a business has collected about you
• Correct inaccuracies in your personal data
• Delete your personal data
• Obtain a portable copy of your data in a commonly used format
• Opt out of the sale of your personal data
• Opt out of targeted advertising
• Opt out of profiling that produces legal or similarly significant effects

Step 1: Enable Global Privacy Control in Your Browser

One of the strongest features of the DPDPA is its recognition of universal opt-out mechanisms. As of January 1, 2026, all covered businesses in Delaware must honor browser-level opt-out signals, primarily Global Privacy Control (GPC). When enabled, GPC automatically tells every website you visit not to sell or share your personal data.

How to Enable GPC

GPC is available in several privacy-focused browsers and extensions:

• Firefox: Go to Settings, then Privacy and Security, and enable "Tell websites not to sell or share my data."
• Brave: GPC is enabled by default. Verify under Settings, then Shields, then Global Privacy Control.
• DuckDuckGo Browser: GPC is enabled by default on both desktop and mobile versions.
• Browser Extensions: If you use Chrome, Safari, or Edge, install the Privacy Badger or DuckDuckGo Privacy Essentials extension, both of which support GPC.

Once GPC is active, every website you visit receives your opt-out signal automatically. Under Delaware law, covered businesses must treat this signal the same as a manual opt-out request. This is the single most efficient step you can take to protect your ongoing privacy.

Step 2: Find Your Information on Data Broker Sites

Search for yourself on Google and on the major people search platforms to identify which data brokers have your information. Use your full name, city, phone number, and any former addresses as search terms. Common data brokers that list Delaware residents include:

• Spokeo
• Whitepages
• BeenVerified
• Intelius
• TruePeopleSearch
• PeopleFinders
• Radaris
• FastPeopleSearch
• Nuwber
• MyLife

Make a detailed list of every site where your personal information appears. You will need to submit a separate opt-out request to each one, as Delaware does not currently have a centralized data broker registry or a single portal for deletion requests.

Step 3: Submit Individual Opt-Out and Deletion Requests

Each data broker has its own removal process. The general steps are:

1. Find the opt-out page. Look for a "Do Not Sell My Personal Information" link, a privacy policy page, or a dedicated opt-out form, usually in the website footer.
2. Locate your profile. Search for yourself on the broker's site and copy the URL of your listing.
3. Submit the removal request. Fill out the opt-out form with your identifying information and the profile URL.
4. Verify your identity. Most brokers require email or phone verification before they process the request.
5. Wait for processing. Removal times range from 24 hours to 30 days depending on the broker.
6. Follow up. Check back after the stated processing period to confirm your listing has been removed.

When submitting your request, explicitly reference the Delaware Personal Data Privacy Act. State that you are a Delaware resident exercising your right to opt out of the sale of your personal data and to delete your information under the DPDPA. This puts the business on legal notice and triggers their compliance obligations.

Step 4: File a Complaint If a Broker Refuses

The DPDPA is enforced exclusively by the Delaware Department of Justice. There is no private right of action, meaning you cannot sue a data broker directly for violating the law. However, the DOJ takes consumer complaints seriously and can impose civil penalties of up to $10,000 per violation.

If a data broker ignores your request, provides an inadequate response, or fails to process your opt-out, you can file a complaint through the Delaware privacy portal at privacy.delaware.gov or by emailing privacy@delaware.gov. Include your original request, any responses received, and the relevant dates so the DOJ can investigate efficiently.

Data Protection Assessments and Accountability

The DPDPA also requires businesses that process data on a large scale to take your privacy seriously behind the scenes. Starting July 1, 2025, controllers that process the personal data of 100,000 or more consumers must conduct Data Protection Assessments for activities that present a heightened risk, including targeted advertising, data sales, and profiling. These assessments ensure that businesses are evaluating and mitigating the privacy risks of their data practices, not just responding to individual opt-out requests.

This requirement means the companies that handle your data are legally obligated to scrutinize their own practices and document how they protect consumer privacy. While you may never see these assessments directly, they create a layer of corporate accountability that benefits every Delaware resident.

The Scale of the Problem

There are over 100 data broker sites that may hold your personal information. Each one has its own opt-out form, verification process, and processing timeline. A single round of manual opt-outs can take 20 to 40 hours, and because brokers continuously re-collect and re-list your data, the process must be repeated regularly. For most people, sustaining this level of effort month after month is simply not realistic.

Let PrivacyOn Handle the Opt-Outs for You

PrivacyOn automates data broker removal across more than 100 sites, including all the major brokers that list Delaware residents. We submit opt-out requests on your behalf, continuously monitor for re-listings, and re-submit removal requests whenever your information reappears. Our service also includes dark web monitoring to alert you if your data surfaces in places where no opt-out request can reach.

The DPDPA gives Delaware residents real legal rights, but exercising those rights across the entire data broker landscape is a significant ongoing commitment. PrivacyOn handles that work for you so you can enjoy the privacy protections the law was designed to deliver. Family plans cover up to five people, keeping your entire household protected under one subscription.

Between Global Privacy Control, individual opt-out requests, the Delaware DOJ's enforcement authority, and PrivacyOn's automated removal service, Delaware residents have every tool they need to take their personal data back from the brokers who profit from it.