California's Delete Request and Opt-Out Platform (DROP) is the first government-run tool that lets consumers submit a single deletion request to every registered data broker in the state. Launched on January 1, 2026, DROP is now accepting requests — and starting August 1, 2026, data brokers are legally required to process them. Here's exactly how to use it.
What Is DROP?
DROP is a centralized platform created by the California Privacy Protection Agency (CPPA) under the Delete Act (Senate Bill 362), signed into law in October 2023. Instead of visiting hundreds of individual data broker websites to submit opt-out requests one by one, California residents can submit a single request through DROP that gets forwarded to all 545+ registered data brokers in the state.
Think of it as a government-backed version of what private data removal services do — but free for California residents.
Who Can Use DROP
DROP is available to California residents only. You must be a current resident of California to submit a deletion request. There is no age requirement, but you must be able to verify your identity.
If you don't live in California, you can still exercise your privacy rights through individual data broker opt-out pages, or use a data removal service like PrivacyOn that covers 100+ data brokers nationwide regardless of your state of residence.
What Counts as a Data Broker?
Under California law, a data broker is a business that knowingly collects and sells the personal information of consumers with whom it does not have a direct relationship. As of January 2026, over 545 companies are registered as data brokers with the CPPA.
How to Use DROP: Step-by-Step
Step 1: Visit the DROP Portal
Go to privacy.ca.gov/drop, the official DROP portal hosted by the California Privacy Protection Agency. Make sure you're on the official .ca.gov domain to avoid phishing sites that may try to impersonate the platform.
Step 2: Create Your Account
Click "Create Account" and provide your email address. You'll need to verify your email before proceeding. Choose a strong, unique password for your DROP account.
Step 3: Verify Your Identity
DROP requires identity verification to ensure data brokers delete the correct person's information. You'll need to provide identifying details so brokers can match your request to their records. The more information you provide, the more broker records DROP can match.
Step 4: Submit Your Deletion Request
Provide the personal identifiers that data brokers typically use to build profiles:
- Full name (including maiden name and any previous names)
- Current and previous addresses
- Phone numbers (current and past)
- Email addresses
The more complete your submission, the more profiles brokers will be able to locate and delete.
Step 5: Track Your Request
DROP provides a dashboard where you can monitor the status of your deletion request. You'll see when registered brokers have acknowledged and processed your request.
Skip the manual opt-outs
One opt-out won't stop them — brokers relist your data. PrivacyOn removes your info from 100+ sites and keeps it removed.
Start your free scanKey Deadlines and Timelines
- January 1, 2026: DROP opened for consumer requests
- August 1, 2026: Data brokers must begin processing DROP deletion requests
- Every 45 days: Brokers must check DROP for new requests
- Within 90 days: Brokers must delete your data after retrieving a request
Enforcement Penalties
Data brokers that fail to comply face a $200 fine for each deletion request for each day they fail to delete information. The CPPA has active enforcement authority and has already taken action against non-compliant brokers.
Limitations of DROP
While DROP is a significant step forward, it has important limitations:
- California residents only: If you live in another state, DROP won't help you
- Registered brokers only: DROP only covers the 545+ brokers registered with the CPPA — the FTC estimates over 4,000 data brokers operate in the US
- No ongoing monitoring: DROP processes deletion requests, but it doesn't prevent brokers from re-collecting your data after deletion
- Processing delays: Brokers have up to 90 days to process requests, and they only need to check DROP every 45 days
- No B2B coverage: Business-to-business data brokers like ZoomInfo and Apollo may not be covered
DROP vs. Data Removal Services
DROP is a valuable free tool for California residents, but it doesn't replace the comprehensive protection offered by dedicated data removal services. Here's how they compare:
PrivacyOn covers 100+ data broker sites nationwide (not just California-registered ones), provides continuous monitoring that catches re-listings, includes dark web monitoring, and offers family plans for up to 5 people. Most importantly, PrivacyOn doesn't just submit deletion requests — it verifies that your data has actually been removed and re-submits requests when brokers re-list your information.
For maximum protection, California residents can use both DROP and a service like PrivacyOn. DROP handles the California-registered brokers for free, while PrivacyOn catches the thousands of other data brokers operating nationwide and ensures your data stays removed over time.
What to Do If a Broker Ignores Your DROP Request
If a data broker fails to process your deletion request within the required timeframe, you have several options:
- File a complaint with the CPPA through the DROP dashboard or at cppa.ca.gov
- Document the noncompliance by taking screenshots of your request status
- Contact the broker directly to follow up on your request
- Consult with an attorney about potential legal action under the Delete Act
The CPPA has shown willingness to enforce data broker regulations, including fining brokers that fail to register as required by law.