Data Rights Protocol
Standardizing and streamlining consumer data rights requests

The Data Rights Protocol (DRP) is a technical standard for exchanging data rights requests under CCPA. The project began at Consumer Reports Digital Lab in summer 2021, and was announced at a virtual event hosted by MIT Media Lab in October 2021. The protocol is co-developed by a consortium of implementing companies who serve in the role of authorized agent, privacy infrastructure provider, and/or covered business. You can explore the Data Rights Protocol on GitHub and let us know your feedback here.
Interested in collaborating? Sign up here!
🗓️ Roundtable for Businesses🎇
If you're a business that receives data rights requests, read more at DRP for Businesses.
Implementing Companies
- Consumer Reports Digital Lab
- DataGrail
- Ethyca
- Mine
- OneTrust
- Sourcepoint
- Spokeo
- Surfshark
- Transcend
- WireWheel
Collaborators
Coverage
- "Standardizing data rights requests with a common protocol" CR Digital Lab Blog (October 19, 2021)
- "Data Rights Protocol and Global Privacy Control" CR Digital Lab Blog (January 13, 2022)
- “How 'Authorized Agents' Plan to Make It Easier to Delete Your Online Data” Consumer Reports (March 21, 2022)
Contact
This project is led by Dazza Greenwood, Ryan Rix, and Ginny Fahs at Consumer Reports Digital Lab. You can reach them via email at datarightsprotocol@cr.consumer.org.