Data Rights Protocol

Standardizing and streamlining consumer data rights requests

The Data Rights Protocol (DRP) is a technical standard for exchanging data rights requests under CCPA. The project began at Consumer Reports Innovation Lab in summer 2021, and was announced at a virtual event hosted by MIT Media Lab in October 2021. The protocol is co-developed by a consortium of implementing companies who serve in the role of authorized agent, privacy infrastructure provider, and/or covered business. You can explore the Data Rights Protocol on GitHub and let us know your feedback by emailing datarightsprotocol@cr.consumer.org.

🗓️ Roundtable for Businesses🎇

If you're a business that receives data rights requests, read more at DRP for Businesses.

Implementing Companies

• Consumer Reports Innovation Lab
• DataGrail
• Ethyca
• Mine
• OneTrust
• Sourcepoint
• Spokeo
• Surfshark
• Transcend
• WireWheel
• Yorba

Collaborators

• MIT Media Lab
• Legal Hackers

Coverage

• "Standardizing data rights requests with a common protocol" CR Innovation Lab Blog (October 19, 2021)
• "Data Rights Protocol and Global Privacy Control" CR Innovation Lab Blog (January 13, 2022)
• “How 'Authorized Agents' Plan to Make It Easier to Delete Your Online Data” Consumer Reports (March 21, 2022)

Contact

This project is led by Dazza Greenwood, Ryan Rix, and Ginny Fahs at Consumer Reports Innovation Lab. You can reach them via email at datarightsprotocol@cr.consumer.org.