CPPA Board approves proposal requiring internet browsers to offer consumers opt-out preference signals
On December 8, 2023, the California Privacy Protection Agency (CPPA) Board unanimously voted to approve a legislative proposal that would require internet browsers to send consumers an opt-out preference signal. The CPPA announced its approval on December 11, 2023, declaring that the proposal “will not only advance Californians’ consumer privacy, but help incentivize the development of privacy-enhancing technologies.”
Currently, the California Consumer Privacy Act (CCPA) requires businesses to honor consumers’ opt-out preferences as a request to opt out of the sharing and sale of their personal information. In addition to California, six other states, including Colorado, Connecticut, Delaware, Montana, Oregon, and Texas, also require businesses to honor browser privacy signals as an opt-out of the sale of personal data.
According to a CPPA staff memorandum, only a handful of browsers currently offer support for opt-out preference signals, including Mozilla Firefox. These opt-out signals are created in a single instance and transmitted every website consumers visit indicating their preferences to opt in or out of cookie usage, etc. The CPPA shared that the larger internet browsers, such as Google Chrome, Microsoft Edge, and Apple Safari, declined to offer opt-out preference signals. If adopted, the proposal will expand upon the CCPA’s requirements by providing consumers an easy way to “exercise their right to opt-out” through these preference signals without needing to submit “individualized requests with each business.”
It is the CPPA’s expectation that the opt-out signals will streamline the consumer opt-out process and better protect Californians’ privacy. If adopted, California would be the first state mandating internet browsers to offer consumers the option to enable opt-out preference signals. While the proposal must be developed into legislation and muster legislative approval, this is yet another example of how California continues to provide its consumers with some of the strongest data privacy protections in the country.
For more legislative updates on data privacy law from McDonald Hopkins, please subscribe to receive our publications or view the links below for recent updates on other state data privacy legislative updates. If you have questions about your company’s compliance with cyber regulations, concerns about vulnerability to a ransomware attack or other breach, or if you want to learn more about proactive cybersecurity defense, then please contact a member of McDonald Hopkin’s national data privacy and cybersecurity team.