Data brokers are lining up to comply with California’s one-stop deletion tool requirement under the Delete Act, and the numbers signal a major shift in how privacy rights may be exercised and enforced in California starting this summer.

At its most recent meeting, the California Privacy Protection Agency (CPPA) reported that more than 575 data brokers have registered with its Delete Request and Opt-out Platform (DROP). DROP is the first tool of its kind in the United States. It allows California residents to submit a single request to delete personal information held by brokers registered in California. The platform went live on January 1, 2026, and early usage was immediate and substantial. The CPPA reported that over 242,000 California residents have signed up with DROP, and more than 18,000 deletion requests were submitted within 48 hours of launch. However, a big operational turning point arrives soon; data brokers must begin complying with those deletion requests on August 1, 2026.

Historically, deleting personal information held by data brokers has often required consumers to identify brokers one by one, locate opt-out or deletion pages, and repeat the process across dozens or even hundreds of companies. DROP is designed to reduce that burden by centralizing the request process into one form for brokers registered in the state. If the platform performs as intended at scale, it could meaningfully reduce “privacy friction” by consolidating deletion requests into a single workflow for California residents; raising the compliance baseline for brokers by standardizing intake and response expectations; and increasing accountability because registration and compliance timelines are visible to regulators.

For brokers, the compliance impact is direct. The volume of registered brokers, along with a large resident signup count, suggests that this August could bring sustained, high-volume deletion activity. Plus, once a platform makes consumer requests easier to submit at scale, non-compliance becomes easier to detect and potentially easier to prioritize for enforcement. If early participation is any indicator, DROP could quickly become the default way Californians exercise deletion rights, and the easiest way for regulators to spot which brokers are keeping up and which are not.

Next up for the CPPA, beyond the data broker ecosystem, are compliance checklists and guidance for cybersecurity audits and risk assessments, as well as guidelines for automated decision-making technology, aimed at helping companies comply with regulations adopted in 2025.

Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island.