Calif. Privacy Agency Drops Deletion Draft Ahead of Meeting
The California Privacy Protection Agency released draft rule changes to data broker registration rules Thursday that support the state’s upcoming data deletion mechanism.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
CPPA plans to give an update on the Delete Request and Opt-Out Platform (DROP), under development with the California Department of Technology, at its upcoming March 6-7 board meeting (see 2502250002). DROP is on track to open to consumers Jan. 1 and data brokers on Aug. 1, 2026, says a CPPA presentation released ahead of the meeting. Testing is set to begin this fall and rulemaking will happen in 2026, it said.
Before submitting a request via DROP, consumers would have to verify “residency using a third party” and provide “a minimal amount of personal information,” say the agency’s slides: Consumers could then submit the request to “all or a subset of registered data brokers” and check the status or update the request in 45 calendar days.
Data brokers registered for DROP would download deletion lists manually or via an application programming interface once every 45 days, the presentation said. Brokers would have to identify matches and delete records, then report deletion status within 45 days. Personal information will be stored in a hashed format, with “[l]imited personal information released based on data broker records.”
CPPA hired 16 employees in 2024 and now has 47, including 39 who are permanent, said another board meeting presentation posted Thursday.