Opt-out tool will let Californians erase personal data held by brokers
The California Privacy Protection Agency has announced it will launch a new digital tool on Jan. 1 that will allow Californians to request that registered data brokers delete their personal information.
The tool, called DROP — or the Delete Request and Opt-out Platform — allows residents to send a single request to the more than 500 data brokers registered with the state to delete any personal information. Data brokers are legally required to fulfill the requests under the Delete Act, a law that also required the CPPA to build the DROP tool.
When DROP launches next year, Californians will be able to submit deletion requests by following three steps, starting with verifying residency. Second, they must provide basic information, like name, date of birth, phone number and email address, that data brokers might be using to track them. The CPPA said the amount of information residents provide is their choice, but that it must be enough for data brokers to identify them.
Lastly, Californians will receive immediate confirmation of their requests. Data brokers are not legally required to begin processing requests until Aug. 1. After that, the brokers will have up to 90 days to report the actions taken in response to the requests.
The CPPA said the information residents provide through the DROP tool will only be used to complete deletion requests, and won’t be sold or shared for any other reason. The agency also claimed that information submitted through DROP is protected and stored in a secure format so that no one else can read.
DROP requests will require data brokers to delete several types of data — personal information, behavioral data, financial-related data, health-related data, location data, relationship information and marketing inferences — but there’s some information that data brokers aren’t required to delete under the Delete Act. This includes information the government makes open to the public, like property records and court filings. Data brokers also won’t be required to delete information controlled by other federal and state laws, such as certain financial or health information.
