REDWOOD CITY – A California privacy platform secured over 176,000 sign-ups in its first four weeks online as state residents seize the chance to permanently delete personal information from over 545 data broker sites simultaneously.
The Delete Request and Opt-Out Platform (DROP) is the world’s first government-built tool to provide this service, wrote Gavin Newsom’s office in a recent press release. Before DROP’s launch, consumers either had to pay a private company to erase their personal information from data broker sites or do it themselves. The latter involves visiting California’s registry of over 500 companies and separately submitting deletion requests to each.
Signing up for DROP takes under 10 minutes (and it’s free). Data brokers will begin processing deletion requests in August. The status of deletion requests must be updated within 45 days of submission and completed within 90 days. Brokers are required to continue checking DROP every 45 days following the initial submission to process new requests and delete any personal information collected since the last check.
Mandated by the Delete Act in 2023, DROP builds off years of pioneering California privacy legislation. In 2018, California passed the first state law to protect the privacy rights of its citizens. Two years later, it established the California Privacy Protection Agency (CalPrivacy), the first and only independent agency to enforce these rights and respond to privacy complaints.
Speaking at a senior scam seminar hosted through Democratic State Senator Josh Becker’s (CA-13) office on Jan. 15, CalPrivacy Executive Director Tom Kemp urged attendees to sign up for the platform. “We are in a digital economy… You guys, and your data, are the product.”
Data brokers don’t have direct relationships with consumers. Instead, they collect personal information from people’s online activity and publicly available records to create comprehensive profiles. These profiles are then sold to third parties. “They may obtain details such as a person’s email, phone number, browsing history, or location data. They may also collect and sell inferences about an individual’s interests, health, shopping habits, and more,” wrote CalPrivacy Deputy Director of Public Affairs Megan White in an email.
DROP critics argue that the platform undermines data brokers who collect personal information for legitimate purposes. “Data brokers provide services to… businesses in support of anti-money laundering, sanction compliance, cybersecurity, and underwriting activities,” the California Chamber of Commerce wrote in its opposition statement to the Delete Act. Additionally, it criticized the Act’s redundancy, writing that California’s data broker registry is a sufficient resource for identifying brokers and submitting deletion requests.
Supporters argue previous legislation didn’t go far enough to protect consumers. Writing in support of DROP, California Attorney General Rob Bonta cited the limitations of “Right to Delete” under California’s 2018 privacy law. “Right to Delete” entitles individuals to delete data collected directly “from the consumer.”
But according to Bonta, “[d]ata brokers may not always collect information from consumers directly, creating a loophole that leaves Californians unable to exercise this essential right and
vulnerable to the risks associated with unauthorized collection, sale, and misuse.” Indirect information can be gathered through sources such as public records, social media activity, or third-party cookies (see below). Enabling individuals to delete all personal data gathered about them shifts discretionary power over information from brokers to consumers.
Kemp provided 5 additional “quick and dirty” tips to reduce your digital footprint.
Block third-party cookies.
Third-party cookies let businesses track consumers as they navigate across various websites. These are different from first-party cookies which tell websites that a user has visited their page before, helping them personalize the experience. Block third-party cookies through your browser’s settings.
Disable or set mobile advertising ID to zero.
Every phone has a mobile advertising ID, allowing businesses to track users as they navigate across apps. Visit “Privacy and Security” in iOS Settings to disable app tracking requests. On Android visit “Ads” in the Settings “Privacy” page to delete advertising ID.
Enable opt-out preference signal.
This signal tells every website a user visits to not sell or share their personal information. Most browser web stores have third-party extensions you can access by typing “global privacy control” in the store’s search engine. In 2027, California’s Opt Me Out Act will require browsers to enable this signal by default.
Turn off location settings.
Disable for apps that don’t need your location to function.
File a CPPA complaint to privacy.ca.gov/complaints.
According to Kemp, the CPPA gets hundreds of complaints weekly concerning violations of online privacy rights.
