Governor Newsom and the California Privacy Protection Agency recently announced a new tool that enables Californians to easily opt out of the sale of their information by data brokers.
Delete Request and Opt-out Platform—also called “DROP”—was created pursuant to by SB 362 (the Delete Act), which was signed by Governor Newsom in 2023. The governor says that this measure “helps continue advancing California’s nation-leading privacy protections.”
Newsom went on to comment:
“A little over two years ago, I signed a nation-leading law to give Californians more control over their data, and the ability to tell data brokers that their information is not for sale. Your data should belong to you, and DROP will make that happen in one simple step.”
What Does DROP Do?
As of January 1st, Californians can enter a single deletion request to registered data brokers through DROP. The tool the immediately verifies the user’s California residency and transmits the deletion request to the data brokers. Under the Delete Act, data brokers are required to begin processing deletion requests August 1, 2026.
Data brokers collect, combine, analyze, trade, and sell personal information—typically without an individual’s knowledge or explicit consent—creating risks for fraud and other illegal results.
What are the Benefits of DROP?
- More consumer control of their data. Using DROP helps consumers to restrict the information that data brokers collect and sell about them.
- Less spam and scams. When consumer data stops getting sold, they’ll get less unwanted texts, calls, or emails; and
- Greater security. The program will decrease risk of identity theft, fraud, AI impersonations, or leaking or hacking of consumer data.
Who is a “Data Broker”?
According to the Delete Act, “data broker” is defined as a business that knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship. “Data broker” doesn’t include any of the following:
- An entity to the extent that it is covered by the federal Fair Credit Reporting Act;
- An entity to the extent that it is covered by the Gramm-Leach-Bliley Act and its implementing regulations.
- An entity to the extent that it is covered by the Insurance Information and Privacy Protection Act; and
- An entity, or a business associate of a covered entity, to the extent their processing of personal information is exempt under Section 1798.146.
“DROP is a game changer for consumer privacy,” said Tom Kemp, Executive Director of the California Privacy Protection Agency (CalPrivacy). “It’s the first platform of its kind and it makes exercising privacy rights simple, free, and accessible for millions of Californians. It gives people a straightforward way to take control of their personal information.”
“With the launch of DROP, California is once again setting the national standard for consumer privacy,” said Senator Josh Becker, author of the Delete Act. “I wrote this bill to give people real control over their personal information and protect them from scams, identity theft, and spam emails. And I’m grateful to see that it’s being called the toughest privacy protection law in the country.”
“Privacy only works if people can trust the technology behind it,” said Liana Bailey-Crimmins, the State Chief Information Officer. “Our promise was to deliver an easy-to-use and secure platform for all Californians to decide whether or not data brokers can use or sell their personal information—and that’s exactly what DROP does.”
CalPrivacy will be in charge of policy and enforcement of the Delete Act and is responsible for delivering and maintaining the secure DROP website.
Bottom Line
California’s DROP is the first government-built platform of its kind. The program was developed by CalPrivacy in partnership with the California Department of Technology.
DROP helps give Californians gain more control over their data and simplifies the process of asking data brokers to stop sharing and selling their data. Before this, consumers were required to make requests to each data broker individually, which was very difficult and time-consuming.
If you have any questions regarding this topic, contact us at Eanet, PC.