CPPA Holds Preliminary Stakeholder Session on Accessible Deletion Mechanism under Delete Act

John Lesko
Alston & Bird
Contact
LinkedIn
Facebook
X
Send
Embed

On June 26, 2024, the California Privacy Protection Agency (the “CPPA”) held a stakeholder session to provide information and gather stakeholder input on the CPPA’s mandate to build an accessible deletion mechanism known as the Delete Request and Opt-Out Platform (“DROP”) as required by the California Delete Act. DROP will allow consumers to request the deletion of their personal information held by data brokers through a single request. Generally, the public comments addressed concerns regarding potential administrative and technical burdens on data brokers, clarifying and confirming the scope of deletion requests, and verifying deletion requests.

Key takeaways from the public comments included:

  • Excessive and Fraudulent Deletion Requests. Stakeholders expressed concern that data brokers could receive excessive or fraudulent requests from bad actors and requested that the CPPA review and filter deletion requests prior to making them available on DROP.
  • Overly Burdensome Technical Requirements. Stakeholders identified that certain data brokers, including small businesses, may not have the technical capabilities to comply with DROP requests and requested that CPPA provide technological support to enable compliance.
  • Scope of Deletion Requests. Stakeholders stated that determining the scope of deletion requests may be difficult if consumers do not accurately explain the scope of their request. Stakeholders encouraged the CPPA to detail procedures for clarifying and confirming the scope of deletion requests, including processes for communicating with consumers.
  • Accurate Verification Thresholds. Stakeholders explained that a high verification threshold (e.g., requiring that consumers provide more information to enable data brokers to verify a request) would allow data brokers to ensure they are deleting the correct data, but could discourage consumers from exercising their rights. A low verification threshold could make it difficult for data brokers to accurately identify and delete data within the scope of a deletion request and lead to the deletion of incorrect data.

The CPPA has not provided a date by which it intends to issue draft DROP regulations. However, the Delete Act requires the CPPA to make DROP available to consumers by January 1, 2026.

Alston & Bird’s Privacy, Cyber & Data Strategy Team will continue to monitor the CPPA’s rulemaking process and provide updates as they become available.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Alston & Bird | Attorney Advertising

Written by:

Alston & Bird
Alston & Bird
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Alston & Bird on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide