What's Happening?
The California Privacy Protection Agency (CPPA) has released Enforcement Advisory No. 2025-01, reminding data brokers of their obligations under California's Delete Act. The advisory emphasizes the need
for annual registration and payment of fees, which support the state's Delete Request and Opt-Out Platform (DROP). Starting January 1, 2026, DROP will enable consumers to request the deletion of their personal information from registered data brokers through a single request. The advisory highlights key compliance issues, such as the requirement for each data broker entity, including subsidiaries, to register separately. It also mandates that data brokers list all websites and trade names in their DROP account and ensure the accuracy and functionality of these links. Non-compliance could result in administrative fines of $200 per day, in addition to registration fees and investigation costs.
Why It's Important?
The advisory is significant as it reinforces California's commitment to consumer privacy and data protection. By ensuring data brokers comply with the Delete Act, the CPPA aims to enhance transparency and control over personal data for California residents. This move could influence other states to adopt similar measures, potentially leading to broader national standards for data privacy. The enforcement of these regulations may also impact the operations of data brokers, requiring them to invest in compliance measures and potentially altering their business models. Consumers stand to benefit from increased control over their personal information, while data brokers face the challenge of adapting to stricter regulatory environments.
