Live! Superset DSR Metrics Dashboard

Plus: Superset's breaks 300k Monthly DSARs Processed; CIPA rule-making expires; & Superset speaks to the CPPA

Author

Zane Witherspoon
September 03, 2025

Get instant Metrics Reporting for the CPPA

The CPPA asks you to report your annual DSR metrics twice a year: Once when you register as a Data Broker and again on July 1st.

Normally going back and calculating the mean and median amount of time it took you to respond to Data Deletion Requests, Data Portability Requests, and Data Rectification Requests individually is a huge pain!

But businesses that use Superset can track their Data Privacy compliance over any timeframe - with any filters. Giving you not just your required Metrics Reporting, but also insight into the health of your compliance program.

CIPA Carveout Fails to Pass

Don’t expect relief from the onslaught of CIPA suits

The era of suing businesses for improper cookies under a 1967 wiretapping law will not be coming to an end as many had hoped. The California SB 690 missed the August 29th deadline to make it out of appropriations.

The California Invasion of Privacy Act (CIPA) has been the center of many talks in the privacy world as law-firms have taken several businesses to court for misconfigured cookie banners. The plaintiffs claim tracking a user when they opted out on the cookie banner counts as wiretapping. Defendants call the lawsuits frivolous.

Since the amendment which would have exempted commercial purposes form the criminal statute failed to pass - it’s worth double-checking that your cookies are NOT firing before a user clicks Accept or after they click Deny.

Superset Breaks 300K Monthly DSARs

We processed almost 17,000 requests in a single day!

It’s no surprise to any compliance team that Data Subject Requests come in heavy waves, but 300,000 in a month is a lot!

Data Rights are important, and we’re proud to be the channel businesses and consumers trust to exercise those rights!

CPPA Moves forward with DROP Rulemaking

Superset encouraged the CPPA not to charge more for DROP

The California Privacy Protection Agency will move forward with new rulemaking on the proposed Deletion Request and Opt-Out Platform (“DROP”) Requirements.

The CPPA is required under the Delete Act to create and maintain an “Accessible Deletion Mechanism” for all Californians. Consumers will supposedly have access to the system starting January 1st, 2026. The deadline for Data Brokers to start processing deletion requests via DROP is August 1st, 2026.

How did we do?

If you made it this far: Thank you!

Your feedback helps us create better newsletters! If you have any suggestions or questions, simply reply to this email. Additionally, if you found any of this helpful it helps us a lot to forward this over to your friends and coworkers!

Zane Witherspoon, CIPP/US

CEO Superset