Changeflow GovPing Data Privacy & Cybersecurity DROP Audits Preliminary Comment Period - Data B...
Priority review Consultation Added Consultation

DROP Audits Preliminary Comment Period - Data Broker Regulations

Favicon for cppa.ca.gov CPPA California Privacy Rulemaking
Detected
Email

Summary

The California Privacy Protection Agency (CPPA) announced preliminary rulemaking activities regarding Delete Request and Opt-out Platform (DROP) audits for data brokers under CalPrivacy. The agency is accepting preliminary written comments through May 7, 2026 at 5:00 PM PT to inform potential future regulations. Comments received are public records and may be included in future rulemaking packages.

Published by CPPA on cppa.ca.gov . Detected, standardized, and enriched by GovPing. Review our methodology and editorial standards .
View original document View source feed page

What changed

The California Privacy Protection Agency initiated preliminary rulemaking activities to explore regulations clarifying audit requirements for processing deletion requests by data brokers. The agency released an Invitation for Preliminary Comments on DROP Audits, seeking stakeholder input on potential regulatory requirements. Comments submitted are public records and may be disclosed or included in future rulemaking packages.

Data brokers and companies subject to California Privacy Rights Act obligations should review the preliminary comments request and consider submitting relevant input before the May 7, 2026 deadline. If CPPA proceeds with formal rulemaking, a separate public comment period under the Administrative Procedure Act will occur at a later date. Companies should monitor CPPA's regulations webpage for updates and subscribe to rulemaking notifications to stay informed of developments.

What to do next

  1. Submit preliminary comments on DROP audit requirements to regulations@cppa.ca.gov by May 7, 2026
  2. Subscribe to CPPA rulemaking notifications at cppa.ca.gov/webapplications/apps/subscribe/
  3. Monitor for future formal APA rulemaking on data broker deletion request regulations

Archived snapshot

Apr 8, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

  1. Home
  2. Regulations
  3. Delete Request and Opt-out Platform (DROP) Audits

Delete Request and Opt-out Platform (DROP) Audits

Preliminary Rulemaking Activities

CalPrivacy is exploring whether to adopt regulations to clarify or further specify the audit requirement for processing deletion requests. The Agency is gathering information and seeking input from stakeholders about this topic.

CalPrivacy solicited preliminary written comments related to the requirements for data broker audits from the public via its Invitation for Preliminary Comments – Delete Request and Opt-out Platform (DROP) Audits.

CalPrivacy will be accepting preliminary comments from April 7, 2026 until 5:00 p.m. PT on May 7, 2026.

Where to Submit Preliminary Comments

Electronic Submission:

Comments may be submitted electronically to regulations@cppa.ca.gov. Please include “Preliminary Comment – DROP Audits April 2026” in the subject line.

Mail Submission:

California Privacy Protection Agency
Attn: Legal Division – Regulations
400 R St., Suite 350
Sacramento, CA 95811

Preliminary Comments

The preliminary comments sought in this invitation are to assist CalPrivacy with its preliminary rulemaking activities and do not reflect any decisions made by CalPrivacy regarding future rulemaking. If CalPrivacy decides to propose regulations, a formal public comment period will be held at a later time during the formal Administrative Procedure Act rulemaking process. All preliminary comments received by CalPrivacy are public records subject to disclosure and may be included in future rulemaking packages.

Questions

Questions regarding this Request for Preliminary Comments may be directed to regulations@cppa.ca.gov.

Further Information

Information regarding the rulemaking process will be posted to https://cppa.ca.gov/regulations/. If you would like to receive notifications regarding rulemaking activities, please subscribe to the “Rulemaking Proceedings” email list at https://cppa.ca.gov/webapplications/apps/subscribe/. Please note that comments are public records and will be published on the Agency's website.

Named provisions

DROP Audits Delete Request Requirements

Related changes

Favicon for www.cand.uscourts.gov Ramos v. Mercor.io Corporation - Class Action Complaint
Priority review Apr 16, 2026 NDCA Recently Filed Documents Courts & Legal
Favicon for ncdoj.gov NC Reports Record 2,349 Data Breaches, 9.3M Exposed
Priority review Apr 16, 2026 NC AG Press Releases Courts & Legal
Favicon for rules.house.gov American Broadband Deployment Act of 2026
Priority review Apr 17, 2026 House Rules Committee: Legislation Government & Legislation

Get daily alerts for CPPA California Privacy Rulemaking

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

Favicon for cppa.ca.gov
CPPA California Privacy Rulemaking cppa.ca.gov/regulations
Data Privacy & Cybersecurity

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from CPPA.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Last updated

Press inquiries →

Classification

Agency
CPPA
Comment period closes
May 7th, 2026 (20 days)
Compliance deadline
May 7th, 2026 (20 days)
Instrument
Consultation
Legal weight
Non-binding
Stage
Consultation
Change scope
Substantive

Who this affects

Applies to
Data brokers Technology companies Consumers
Industry sector
5112 Software & Technology
Activity scope
Data broker audits Consumer deletion requests Privacy compliance
Geographic scope
California US-CA

Taxonomy

Primary area
Data Privacy
Operational domain
Regulatory Affairs
Topics
Consumer Protection Cybersecurity

Browse Categories

Agriculture & Food Safety 65 AI Regulation 3 Banking & Finance 330 Consumer Protection 61 Courts & Legal 361 Data Privacy & Cybersecurity 77 Defense & National Security 51 Education 43 Energy 100 Environment 86 Environmental & Energy 34 Environmental Regulation 7 Financial Regulation 2 Government & Legislation 278 Government Operations 107 Healthcare 142 Healthcare & Life Sciences 63 Housing 16 Immigration 8 Immigration & Border Control 2 Insurance 66 Labor & Employment 124 Legal & Judicial 27 Pharma & Drug Safety 101 Pharma & Healthcare 1 Public Health 2 Real Estate & Housing 57 Sanctions & Export Controls 1 Securities & Investments 27 Securities & Markets 103 Securities Regulation 6 Tax 65 Tax & Revenue 9 Telecom & Technology 47 Trade & Commerce 3 Trade & Sanctions 135 Transportation 85

Get alerts for this source

We'll email you when CPPA California Privacy Rulemaking publishes new changes.

Free. Unsubscribe anytime.

You're subscribed!