All Blog Posts
Privacy News

Concord Privacy News: 2/3/26

California launches first-of-its-kind privacy tool to combat data brokers; Vietnam implements comprehensive personal data decree on final day of 2025; States’ efforts to protect sensitive data from the feds could ramp up in the new year

Published: Tue Feb 03 2026

Concord Privacy News: 2/3/26
California Launches DROP — A First-of-Its-Kind Privacy Tool to Combat Data BrokersWhy DROP Is a Big DealA First Among Public ToolsHow This Fits With Broader Privacy EffortsWhat This Means for Privacy LeadersFinal TakeawayOther Privacy News of NoteVietnam Implements Comprehensive Personal Data Decree on Final Day of 2025EU and Brazil Finalize Landmark Data Adequacy Agreement

California Launches DROP — A First-of-Its-Kind Privacy Tool to Combat Data Brokers

The privacy world just got a significant development: California has launched DROP, a groundbreaking new tool that lets residents remove their personal data from hundreds of data brokers with a single request.

This comes as part of the state’s California Delete Act (effective January 1, 2026), marking a pivotal shift in how individuals can exercise control over their information in the age of widespread data collection and resale.

Why DROP Is a Big Deal

For years, consumers have struggled with a fragmented, manual process for asking data brokers to stop selling or sharing their personal information. Each broker had its own opt-out form, procedures, and timelines — often buried deep in legalese and challenging to navigate.

DROP changes by creating a centralized platform where California residents can send a single deletion request that is automatically distributed to all registered data brokers — more than 500 at launch. This dramatically simplifies what was once a time-intensive and confusing process.

The result? A more efficient, more enforceable way for individuals to assert their privacy rights.

A First Among Public Tools

While there are existing commercial services that help people request data deletion and opt-outs, what sets California’s DROP apart is:

  • Government-run and backed by state law
  • Single-submission for hundreds of brokers
  • Built into the state’s privacy framework

This means DROP isn’t just a convenience; it represents a policy innovation that codifies individual control into an actionable workflow.

How This Fits With Broader Privacy Efforts

DROP isn’t happening in isolation. Here’s where it fits in the wider privacy landscape:

Data Broker Opt-Out Services Already Exist

There are private offerings, like subscription-based deletion services, that automate opt-outs on behalf of users. However, these are commercial and operate outside of any governmental mandate.

Federal Privacy Reform Is in the Works

Privacy advocates and lawmakers are pushing for federal legislation (such as the American Privacy Rights Act) that would create nationwide data rights, including deletion and access requirements. But such bills are still under consideration and are not yet law.

Other States Are Building Privacy Laws Too

Several states (including Oregon, Texas, and Virginia) have passed or updated privacy regulations. Many require data broker registration and transparency, but none so far offer a central deletion portal like DROP.

What This Means for Privacy Leaders

If your organization handles personal information — whether as a customer, partner, or vendor — developments like DROP signal a broader trend:

  • Consumers will increasingly expect simple, centralized privacy controls
  • Compliance demands will grow beyond basic notices and opt-outs
  • Privacy platforms must evolve to support ongoing regulatory innovation

Solutions that integrate cookie consent management, policy generation, data mapping, and DSAR handling will be well-positioned to support enterprises navigating this complexity — especially as laws expand the rights individuals can exercise over their data.

Final Takeaway

California’s DROP is the first publicly operated deletion portal of its kind. While commercial alternatives and federal proposals exist, this launch represents a significant new model for data subject empowerment.

For privacy professionals and technology providers, it illustrates how consumer demand and regulation are aligning to make data control more actionable and less manual — a trend that’s only going to accelerate in 2026 and beyond.

Other Privacy News of Note

Vietnam Implements Comprehensive Personal Data Decree on Final Day of 2025

Vietnam's government issued a comprehensive decree implementing the Personal Data Protection Law on December 31, 2025, establishing detailed compliance requirements that affect every organization handling Vietnamese user data. Decree 356/2025/ND-CP sets specific procedures for data consent, international transfers, and violations, marking a major development for the digital advertising ecosystem operating in Southeast Asia's emerging market. Read more.

EU and Brazil Finalize Landmark Data Adequacy Agreement

Brazil and the European Union have finalized a long-awaited adequacy agreement, recognizing each other’s data protection frameworks as providing essentially equivalent safeguards for personal data. The decision, years in the making, means that personal data can now flow securely and directly between the EU and Brazil without the need for additional transfer mechanisms, reducing legal complexity and costs for organizations while upholding strong protections for individuals on both sides of the Atlantic. This landmark move not only facilitates digital trade and cross-border cooperation but also underscores the growing global convergence toward high-standard privacy regimes. Read more.