Standardizing Data Rights Requests with a Common Protocol

There is no standard way to exchange data rights requests under the law today. This means consumers need to contact companies and interact with them one by one to meaningfully control their data. Frequently consumers are asked to surface different types of information about themselves in these interactions with companies, which they say is dissatisfying and time-consuming. These barriers make it impractical for most people to use the data rights granted under the law.

We believe a standard protocol that streamlines and formalizes the components of a data rights request would allow for more consistency and efficiency for both consumers submitting requests and companies processing them. That’s why CR Digital Lab has started working with DataGrail, Ethyca, Mine, OneTrust, Spokeo, Surfshark, Transcend, and WireWheel to develop a Data Rights Protocol that will provide a standard method for consumers to exercise their data rights under the California Consumer Privacy Act and beyond.

Today, we are co-hosting a virtual Data Rights Roundtable with MIT Media Lab to discuss an early draft of this data rights protocol. This virtual event begins at noon ET and you can register here.

We are also inviting public review on our work to date starting today. You can offer feedback on the current draft of the protocol via this input form or pull requests to the public GitHub repository.

In the months ahead, we intend to further refine, test, and ultimately implement a version of this protocol. If you’d like to be involved in making data rights requests more consistent and efficient, drop us a line at

Get the latest on Innovation at Consumer Reports

Sign up to stay informed

We care about the protection of your data. Read our Privacy Policy