Texas Data Privacy Rights and Data Brokers (TDPSA 2026 Guide)
Texas's Data Privacy and Security Act (TDPSA) took effect July 1, 2024, giving over 30 million Texas residents the right to demand deletion from data brokers. This guide explains TDPSA rights, how they compare to California CCPA, and the formal language to use when opt-outs are resisted.
Texas enacted the Texas Data Privacy and Security Act (TDPSA) in June 2023, with an effective date of July 1, 2024. Texas is now one of the largest US states with a comprehensive consumer privacy law, creating meaningful rights for over 30 million Texas residents to control how companies collect, use, and sell their personal data. This guide explains what TDPSA means for Texas residents dealing with data brokers.
What the Texas Data Privacy and Security Act Covers
TDPSA creates rights for Texas consumers and obligations for businesses that process their personal data. The law covers businesses that:
- Conduct business in Texas or produce products/services targeted to Texas residents, AND
- Process the personal data of at least 100,000 consumers annually, OR
- Process personal data of at least 25,000 consumers and derive 25%+ of gross revenue from selling personal data
Most major data brokers meet these thresholds because of their large-scale data processing operations.
Your Core Rights Under TDPSA
Right to Know: Texas residents can ask companies what categories of personal data they are processing and how it is being used.
Right to Access: You can request a copy of the specific personal data a company holds about you.
Right to Delete: You can demand deletion of personal data you have provided to or that has been collected about you. The company must respond within 45 days, with one possible 45-day extension.
Right to Correct: You can request correction of inaccurate personal data.
Right to Opt Out of Sale: You can opt out of having your personal data sold to third parties.
Right to Opt Out of Targeted Advertising: You can opt out of having your data used for targeted advertising.
Right to Opt Out of Profiling: For profiling that produces legal or similarly significant effects, you have opt-out rights.
How TDPSA Compares to CCPA
| Feature | Texas TDPSA | California CCPA/CPRA |
|---|---|---|
| Right to know | Yes | Yes |
| Right to delete | Yes | Yes |
| Right to correct | Yes | Yes |
| Opt out of sale | Yes | Yes |
| Opt out of profiling | Yes (significant effects) | Yes |
| Sensitive data restrictions | Yes | Yes (stronger) |
| Private right of action | No (AG enforcement only) | Limited (data breach) |
| Data broker registry | No | Yes (2026) |
| Single deletion platform | No | Yes (planned 2026) |
| Enforcement | Texas AG | California CPPA |
Texas's rights are broadly comparable to California's, with the key difference that Texas residents cannot sue data brokers directly — enforcement is through the Texas Attorney General's office.
How to Exercise TDPSA Deletion Rights Against Data Brokers
The process for Texas residents is straightforward:
Step 1: Identify data brokers subject to TDPSA
Major data brokers (WhitePages, Spokeo, BeenVerified, Intelius, TruthFinder, Radaris) all process data of hundreds of thousands to millions of Texas residents and are clearly subject to TDPSA.
Step 2: Submit deletion requests
Most data broker opt-out forms are designed to comply with TDPSA and CCPA simultaneously. Use the standard opt-out forms on each site. For sites that add friction or deny requests, send a formal request citing TDPSA:
"Pursuant to the Texas Data Privacy and Security Act (TDPSA), Texas Business and Commerce Code Chapter 541, I am requesting deletion of all personal data you have collected, maintained, or shared about me as a Texas resident. Please confirm receipt and expected deletion timeline."
Step 3: Escalate non-compliance
If a data broker does not respond within 45 days (or 90 days with extension notice), file a complaint with the Texas Attorney General's Consumer Protection Division at texasattorneygeneral.gov.
TDPSA Sensitive Data Protections
TDPSA provides heightened protections for sensitive personal data categories. Companies cannot process sensitive data without opt-in consent. Sensitive categories include:
- Racial or ethnic origin
- Religious beliefs
- Mental or physical health diagnosis
- Sexual orientation
- Citizenship or immigration status
- Genetic or biometric data used for identification
- Children's data (under 13)
- Precise geolocation data
For data brokers that have inferred sensitive attributes about Texas residents (a practice documented in the FTC's 2024 report), these protections are directly applicable.
Texas Data Broker Registration Requirements
Unlike California's Delete Act, Texas's TDPSA does not require data brokers to maintain a public registry. However, Texas has a separate data broker registration law (Texas Business and Commerce Code Chapter 503) that requires data brokers to:
- Register annually with the Texas Secretary of State
- Pay a registration fee
- Provide basic information about their operations
This registry is primarily a registration requirement rather than a consumer rights mechanism, but it creates a public list of data brokers legally operating in Texas that consumers can reference.
Practical Steps for Texas Residents
For comprehensive data broker removal, the TDPSA gives you legal standing to demand deletion from all major brokers. Use the standard opt-out forms (which comply with TDPSA) or cite TDPSA explicitly if you encounter resistance.
For ongoing monitoring, data reappears on most sites within 60–90 days as public records are re-ingested. Either use a service that handles ongoing monitoring or set a quarterly reminder to re-check priority sites.
OfflistMe removes your data from 500+ data brokers including all major Texas-registered brokers. One-time pricing starts at $7.00. Start your removal here.
Frequently Asked Questions
Does TDPSA apply to non-Texas companies that have my data?
Yes. TDPSA applies to any company that conducts business in Texas or produces products/services targeted to Texas residents — regardless of where the company is headquartered. A data broker headquartered in New York that has profiles on Texas residents is subject to TDPSA.
Can I sue a data broker in Texas for TDPSA violations?
No direct private right of action exists under TDPSA. Enforcement is exclusively through the Texas Attorney General. You can file a complaint with the AG's Consumer Protection Division, which may investigate and take enforcement action.
How long does a data broker have to comply with my TDPSA deletion request?
45 days from receipt of the request, with one possible 45-day extension if the company notifies you that additional time is needed and explains why.
What if a Texas data broker says I am not a Texas resident?
You do not need to prove Texas residency to the data broker — the company bears the burden of verifying your request. If a broker incorrectly denies your Texas residency claim, file a complaint with the Texas AG's office.
Does TDPSA cover data brokers that only sell business-to-business data?
TDPSA focuses on "consumers" (individuals acting for personal purposes) rather than business-to-business transactions. Pure B2B data brokers may argue they are outside TDPSA's scope. However, for data brokers that sell both consumer and B2B data (which includes most major brokers), the consumer-facing portion of their operations is subject to TDPSA.
How Texas TDPSA Compares to CCPA
California's CCPA (and its 2023 expansion under CPRA) remains the strongest state privacy law in the US by several measures. Texas TDPSA gives residents comparable rights in most areas but lacks some of the enforcement infrastructure and consumer tools that California has built out.
| Feature | Texas TDPSA | California CCPA/CPRA |
|---|---|---|
| Effective date | July 1, 2024 | January 1, 2020 (CCPA); Jan 1, 2023 (CPRA) |
| Right to know | Yes | Yes |
| Right to delete | Yes (45-day response window) | Yes (45-day response window) |
| Right to correct | Yes | Yes (added by CPRA) |
| Right to opt out of sale | Yes | Yes |
| Right to opt out of profiling | Yes (significant effects only) | Yes (broader scope) |
| Sensitive data: opt-in required | Yes | Yes (stronger protections under CPRA) |
| Private right of action | No (AG-only enforcement) | Limited (data breach only) |
| Dedicated enforcement agency | No (Texas AG handles it) | Yes — California Privacy Protection Agency (CPPA) |
| Data broker registry | No | Yes — mandated under AB 1202, expanded by Delete Act (SB 362) |
| Single opt-out portal for brokers | No | Yes — planned under Delete Act for 2026 |
| Universal opt-out signal | No requirement | Yes — must honor Global Privacy Control (GPC) |
| Cure period for violations | Yes (30 days) | Limited under CPRA |
What this means in practice for Texas residents:
The biggest functional difference is enforcement. California has a dedicated agency (CPPA) with a budget and staff dedicated to privacy enforcement. Texas enforcement runs through the AG's Consumer Protection Division, which handles all consumer complaints statewide. The practical result is that California data broker violations are more likely to be investigated and result in fines.
The absence of a data broker registry in Texas also matters. California's Delete Act will create a portal where California residents can submit a single opt-out request that covers all registered brokers. Texas has no equivalent — Texas residents must submit separate opt-out requests to each broker individually, or use a service that handles this.
Despite these gaps, Texas TDPSA is substantively strong. The right to deletion with a 45-day response window, the right to opt out of sale, and the sensitive data protections are all meaningful and enforceable. Texas residents who exercise their rights have genuine legal recourse.
How to Exercise Your Texas Privacy Rights in Practice
Knowing your rights is step one. Actually exercising them against data brokers is where most people get stuck. Here is a practical workflow for Texas residents.
Identify the brokers you want to target
Start with the five highest-traffic people-search sites: WhitePages, Spokeo, BeenVerified, Intelius, and FastPeopleSearch. These sites are responsible for the majority of exposure when someone Googles your name. All five are subject to TDPSA and have established opt-out processes.
Use the standard opt-out forms first
Most major data broker opt-out forms are designed to comply simultaneously with CCPA, TDPSA, and other state privacy laws. The standard form submission is usually sufficient. Go to each site's opt-out page, search for your profile, and submit the removal request.
Escalate to a formal TDPSA request when needed
If a data broker's standard opt-out form is broken, unresponsive, or returns an error, send a formal written request via email or postal mail. Include the following language:
"Pursuant to the Texas Data Privacy and Security Act (TDPSA), Texas Business and Commerce Code Chapter 541, I am a Texas resident requesting deletion of all personal data you hold about me, including but not limited to my name, address, phone number, email address, and any associated profile data. Please confirm receipt of this request and the expected deletion timeline within 10 business days."
Send to the company's designated privacy contact — typically found in the footer of their privacy policy under "Contact Us" or "Data Requests."
Track your submissions
Create a simple spreadsheet with columns for: site name, date submitted, confirmation received (yes/no), and date to re-check. Without tracking, you will lose evidence of prior submissions and have no basis for escalation if a broker fails to comply.
File with the Texas AG if ignored
If a broker does not respond within 45 days (or 90 days if they sent a timely extension notice), file a complaint at texasattorneygeneral.gov. Include your original request, the date sent, and any response (or lack of response) you received. The AG's office may not act on every complaint but creates a paper trail and occasionally leads to enforcement actions that benefit all Texas consumers.
For comprehensive removal across all brokers: OfflistMe handles opt-out requests across 500+ data brokers including all major Texas-registered brokers. One-time pricing starts at $7.00. Start your removal here.
Related Guides
Understand your privacy rights
Every removal request cites a specific statute. These plain-English explainers show what each law covers and how enforcement actually works.
Related Data Broker Removal Guides
Take back your privacy today
Remove your personal information from data brokers and platforms in seconds.
Remove Your Personal Data NowFrom $7.00 one-time · 500+ data brokers · No subscription