Sourcepoint

News Summary:

California’s data deletion platform, DROP, surpassed 258,000 registrations by March 31, 2026, ahead of its August 2026 compliance deadline, signaling increased consumer awareness. Simultaneously, regulators in Spain and the UK issued age assurance guidance, revealing a divergence between the EU’s flexible risk-based approach and the UK’s more prescriptive framework for protecting minors online. Previously, on March 24, Oklahoma enacted SB 546, becoming the 21st state to pass a comprehensive privacy law, which takes effect on January 1, 2027. Experts noted the law reflects the lowest common denominator of existing requirements. On March 17, the U.S. Supreme Court declined to review the 2nd Circuit’s dismissal of a lawsuit alleging an NFL violation of the Video Privacy Protection Act, leaving a three-to-one circuit split on the definition of "personally identifiable information" unresolved. Earlier in the month, on March 10, the California Privacy Protection Agency (CalPrivacy) levied fines against PlayOn Sports and Ford Motor Company for failing to comply with CCPA opt-out requirements. CalPrivacy also initiated rulemaking activities, seeking public comment on reducing friction in privacy rights requests and improving opt-out preference signal standards. This followed a March 3 policy statement from the FTC, clarifying it would not bring COPPA enforcement actions against certain general and mixed-audience sites that collect children’s personal information solely for age verification, provided specific safeguards are met.