Iowa Data Privacy & Data Broker Removal

Iowa has a comprehensive privacy law that gives you the right to access, delete, and control your personal data. Here is how those rights work in practice and how to remove yourself from data brokers.

Your rights in Iowa

Iowa residents are protected by the Iowa Consumer Data Protection Act (Iowa CDPA) (Iowa Code ch).

• Right to Access & Know — Request a copy of the personal information a company holds about you.
• Right to Delete — Ask a company to delete your personal information.
• Right to Data Portability — Get your data in a portable format you can take to another service.
• Right to Opt Out of Sale — Tell a company to stop selling your personal information.
• Right to Opt Out of Targeted Advertising — Stop companies from targeting you with ads based on your personal data.

Does this cover the company that has my data?

Most companies that collect or sell personal data in Iowa are likely covered.

Controls/processes the personal data of 100,000+ Iowa consumers, Or 25,000+ consumers And derives more than 50% of gross revenue from the sale of personal data.

How to remove yourself from data brokers in Iowa

Your state law gives you the right to request deletion — but exercising it across hundreds of brokers takes real effort. Here are the most effective steps, in order.

1. Enable Global Privacy Control

Global Privacy Control is a free browser setting that automatically tells every website you visit not to sell or share your data. It takes two minutes to enable and works silently in the background on every site. Iowa does not mandate it yet, but most major companies honor it voluntarily because they must comply with California's law anyway.

2. Submit direct opt-out requests

For brokers not covered by the registry or GPC, you can submit requests directly. Look for the "Do Not Sell My Personal Information" link in each company's website footer — most major brokers have one. You can also submit formal access, deletion, or correction requests through each company's privacy policy page.

Under Iowa's law, covered companies must respond within the statutory deadline. If they don't, you have grounds to file a complaint with the Iowa Attorney General.

3. Automate ongoing removal

Here is the part nobody tells you: even after you complete every step above, brokers re-ingest your information from public records, data-sharing networks, and commercial databases. Within a few months, your profiles reappear. Staying removed from hundreds of brokers is not a one-time task — it is an ongoing commitment that most people cannot maintain manually.

Iowa's data broker law: what it means for you

Iowa does not have a dedicated data-broker registry. Most national data brokers are registered in California and honor opt-out requests from residents of any state — but without a Iowa-specific law requiring it, you have no legal recourse if a broker ignores your request. Services like Delist handle this across states and brokers in one place.

Other privacy protections in Iowa

Beyond the comprehensive privacy law, Iowa has additional protections that may apply to you:

• Address Confidentiality Program (Safe at Home) administered by the Iowa Secretary of State for survivors of domestic violence/sexual assault/stalking.
• Breach notification (Iowa Code § 715C).
• No Daniel's-Law-style statute identified.
• Biometric data — No standalone biometric statute with a private right of action.

How to file a privacy complaint in Iowa

Iowa Attorney General, Consumer Protection Division — https://www.iowaattorneygeneral.gov/for-consumers

Most state agencies enforce privacy laws in the aggregate — they investigate patterns of violations rather than resolving individual disputes. Filing a complaint still matters: it creates a record that helps trigger enforcement actions.

Frequently asked questions

Sources

• pro.bloomberglaw.com
• mintz.com
• iowaattorneygeneral.gov