CA DROP goes live august 1 — $200/request/day if you're not processing
the California Privacy Protection Agency's DELETE Request Opt-out Portal (DROP) launched january 1, 2026. data brokers must begin processing consumer deletion requests through it starting august 1, 2026 — 46 days from today.
the penalty for non-compliance: $200 per request per day.
a broker with 1,000 outstanding DELETE requests that goes 30 days past the deadline is looking at $6 million in exposure. this isn't a consent-order-someday situation — the per-request, per-day structure means penalties compound fast.
what DROP actually does
DROP is a centralized opt-out mechanism. a california consumer submits one deletion request through the CPPA portal. every registered data broker must process it within 45 days. there's no "we didn't see it" defense — the portal is the official notice.
the DELETE Act (SB 362) built this system. what it means in practice: if you're a data broker, you're now on a 45-day SLA for every incoming DROP request, enforced by an agency with real penalty authority.
what this means for individuals
before DROP, getting your data off 40+ broker sites meant finding each broker's opt-out form (often buried), submitting separately, and repeating every 3-6 months because brokers re-acquire from public sources.
DROP consolidates the california angle. but it doesn't cover the 40+ brokers operating outside the DROP system, doesn't handle re-acquisition, and doesn't cover data brokers in jurisdictions that haven't built a centralized portal yet.
the BizSuite data removal service covers 48 brokers across 5 tiers, with the CA DELETE Act / SB 362 workflow built in, plus ongoing monitoring for re-acquisition. the DROP deadline is the right moment to get this handled — $497 + $49/month, and you're off the list before august 1.
Top comments (0)