United States:
CPPA Board Approves Proposal To Require Browsers To Provide Opt-Out Signals
14 December 2023
Foley & Lardner
To print this article, all you need is to be registered or login on Mondaq.com.
The California Privacy Protection Agency voted 5-0 to support a
legislative proposal to require browsers to send an opt-out
preference signal.
While the proposal still needs to go through the standard
hurdles in the California legislature and signed by the Governor,
if passed it would be another example of California leading the way
in privacy by essentially providing a one-stop shop for California
consumers to exercise their rights through browser signals instead
of individually. This is an extension of the requirement in the
California Privacy Rights Act for websites to comply with browser
signals in order to opt-out of the sale/sharing of personal
information, if and when sent - now the browsers will have to
actually have the capability to send the signals, completing the
technology set necessary to exercise opt-out rights.
What will be interesting (assuming it ultimately gets passed) is
to see when this will be effective and how the browser providers
implement the requirement - will they provide this functionality to
everyone, or try to limit it only to California? Time will
tell.
The California Privacy Protection Agency Board voted 5-0 at
its December 8, 2023 meeting to advance a legislative proposal to
require browser vendors to include a feature that allows users to
exercise their California privacy rights through opt-out preference
signals.
Google Chrome, Microsoft Edge, and Apple Safari—which
make up over 90% of the desktop browser market share—have
declined to offer these signals, although these companies are also
heavily reliant on advertising business models. No device operating
system has yet implemented support for opt-out preference
signals.
If the proposal is adopted, California would be the first
state to require browser vendors to offer consumers the option to
enable these signals. Seven states, including California, Colorado,
Connecticut, Delaware, Montana, Oregon, and Texas, require
businesses to honor browser privacy signals as an opt out of the
sale of personal data.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
POPULAR ARTICLES ON: Privacy from United States
State Data Breach Notification Laws
Foley & Lardner
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice.