Oregon Data Privacy & Data Broker Removal
Oregon has both a comprehensive privacy law and a data-broker registry — putting it in the top tier of US states for privacy protections. Here is what that means for you and how to use it.
Your rights in Oregon
Oregon residents are protected by the Oregon Consumer Privacy Act (OCPA).
- Right to Access & Know — Request a copy of the personal information a company holds about you.
- Right to Correct — Request corrections to inaccurate personal information.
- Right to Delete — Ask a company to delete your personal information.
- Right to Data Portability — Get your data in a portable format you can take to another service.
- Right to Opt Out of Sale — Tell a company to stop selling your personal information.
- Right to Opt Out of Targeted Advertising — Stop companies from targeting you with ads based on your personal data.
- Right to Opt Out of Profiling — Stop companies from building a behavioral profile about you.
- Obtain list of SPECIFIC third parties to whom data was disclosed (uniquely strong)
- Right to Appeal — Challenge a company's decision to deny your privacy request.
Does this cover the company that has my data?
Most companies that collect or sell personal data in Oregon are likely covered.
Controls/processes personal data of 100,000+ Or consumers (excluding payment-transaction-only data), Or 25,000+ consumers And derives 25%+ of annual gross revenue from selling personal data. Notably reaches some nonprofits (from July 1, 2025).
How to remove yourself from data brokers in Oregon
Oregon gives you more tools than most states. Here is how to use them, ordered from strongest to most practical.
1. Use the data-broker registry
Oregon requires data brokers to register with the state. The public registry lets you see exactly which companies are collecting and selling your information — and gives you a starting point for individual opt-out requests. Unlike California, Oregon does not yet offer a single-request deletion mechanism, so you will need to contact each broker separately.
2. Enable Global Privacy Control
Global Privacy Control is a free browser setting that automatically tells every website you visit not to sell or share your data. It takes two minutes to enable and works silently in the background on every site. Oregon law requires covered businesses to honor it — so this is not just a request, it carries legal weight.
3. Submit direct opt-out requests
For brokers not covered by the registry or GPC, you can submit requests directly. Look for the "Do Not Sell My Personal Information" link in each company's website footer — most major brokers have one. You can also submit formal access, deletion, or correction requests through each company's privacy policy page.
Under Oregon's law, covered companies must respond within the statutory deadline. If they don't, you have grounds to file a complaint with the Oregon Attorney General.
4. Automate ongoing removal
Here is the part nobody tells you: even after you complete every step above, brokers re-ingest your information from public records, data-sharing networks, and commercial databases. Within a few months, your profiles reappear. Staying removed from hundreds of brokers is not a one-time task — it is an ongoing commitment that most people cannot maintain manually.
Delist finds your exposed data and files removals on your behalf — then monitors so it stays down. Start with a free scan to see where your information is exposed.
Run a free scan →Oregon's data broker law: what it means for you
Oregon requires data brokers to register with the state. The registry gives you visibility into who is collecting and selling your information — and a starting point for individual opt-out requests.
- Effective July 27, 2023; brokers must register before collecting/selling/licensing brokered personal data, with registration required by January 1, 2024.
- Fee: $600.00 for registration and annual renewal (non-refundable).
- Register at https://ordcbs.mylicense.com/eGov/.
- Public registry: https://dfr.oregon.gov/business/licensing/data-broker-registry/.
- There is NO centralized single-deletion mechanism — Oregon residents must contact each registered broker individually to opt out/delete (contrast with California's DROP).
Other privacy protections in Oregon
Beyond the comprehensive privacy law, Oregon has additional protections that may apply to you:
- OCPA's right to a list of SPECIFIC third-party recipients is distinctive (most states only require categories).
- Address Confidentiality Program administered by the OR Department of Justice for DV/stalking/sexual-assault survivors.
- Heightened minors' protections (opt-in for known consumers under 16).
- No Daniel's-Law analogue identified.
- Biometric data — No standalone biometric statute with a private right of action (biometric data is 'sensitive data' under the OCPA).
How to file a privacy complaint in Oregon
Oregon Department of Justice, Consumer Protection — https://www.doj.state.or.us/consumer-protection/ ; Data-broker registry questions: DCBS Division of Financial Regulation, dfr.ndp.licensing@dcbs.oregon.gov
Most state agencies enforce privacy laws in the aggregate — they investigate patterns of violations rather than resolving individual disputes. Filing a complaint still matters: it creates a record that helps trigger enforcement actions.
Frequently asked questions
Does Oregon have a data privacy law?
Can I sue a company for violating my privacy in Oregon?
How do I opt out of data brokers in Oregon?
Does Oregon require websites to honor Global Privacy Control?
Is there a data broker registry in Oregon?
Sources
This page is privacy-rights information, not legal advice. Privacy law changes frequently; verify current rules with your state privacy agency or a licensed attorney before acting. Last verified 2026-06-22. We re-check state privacy laws quarterly.