Paper 2026/1421
A Cryptographic Perspective on California's Delete Request and Opt-out Platform
Abstract
The California Consumer Privacy Act (CCPA) grants consumers the right to request deletion of personal data held by registered data brokers. California’s 2023 Delete Act provides a new mechanism through which consumers can exercise this right by leveraging a centralized Delete Request and Opt-out Platform (DROP), enabling users to submit a single request that must be periodically processed by all registered data brokers. Since this platform aggregates sensitive user information, it is intentionally designed with safeguards against information leakage and unauthorized disclosure. This legislation, and the system it introduces, are positioned to serve as a template for wider deployment, with copy-cat legislation already introduced in many US states. In this document, we evaluate the privacy architecture of the first-generation DROP system from a cryptographic perspective. The proposed design relies on hash-based record linkage---a widely used technique that offers heuristic rather than rigorous privacy guarantees. We begin by analyzing the inherent risks of this approach and identifying simple, lightweight modifications that can modestly improve its privacy guarantees by making it more difficult for malicious actors to exploit these vulnerabilities. We then contrast this approach with Private Set Intersection (PSI), a class of provably secure cryptographic protocols that only reveal the intended matching records and nothing more. For future iterations of DROP, we propose a comprehensive PSI-based redesign, arguing that it would substantially reduce the risk of accidental information leakage while incurring only moderate additional computational overhead. Next, we highlight how DROP presents a compelling application for advanced variants of PSI with extended functionalities and stronger security guarantees, and we outline several research directions for the cryptography community, motivated by the unique requirements of such systems. Finally, we identify systemic risks that cannot be mitigated by PSI alone and discuss potential complementary approaches for addressing these broader challenges. We hope this document serves as a common starting point for the cryptography and policy communities working to design future data deletion systems.
Metadata
- Available format(s)
-
PDF
- Category
- Applications
- Publication info
- Preprint.
- Keywords
- Private Set IntersectionData deletionPrivacy laws
- Contact author(s)
-
aarushi goel @ rutgers edu
kaptchuk @ umd edu
peihan_miao @ brown edu
phuoc_pham_van_long @ brown edu
sing1745 @ purdue edu
rthomase @ umd edu - History
- 2026-07-16: approved
- 2026-07-11: received
- See all versions
- Short URL
- https://ia.cr/2026/1421
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2026/1421,
author = {Aarushi Goel and Gabriel Kaptchuk and Peihan Miao and Phuoc Van Long Pham and Satvinder Singh and Rachel E. Thomas},
title = {A Cryptographic Perspective on California's Delete Request and Opt-out Platform},
howpublished = {Cryptology {ePrint} Archive, Paper 2026/1421},
year = {2026},
url = {https://eprint.iacr.org/2026/1421}
}