Dive Brief:
- California’s privacy regulator has thrown its support behind a proposal that would require web browser vendors to provide consumers with a simple way to opt-out of the sale and sharing of their personal information.
- During its Dec. 8 meeting, the California Privacy Protection Agency’s board voted unanimously in favor of mandating via state legislation that vendors offer so-called “opt-out preference signals.”
- “Through an opt-out preference signal, a consumer can opt-out of sale and sharing of their personal information with all businesses they interact with online without having to make individualized requests with each business,” a CPPA press release said.
Dive Insight:
Seven states, including California, require businesses to honor browser privacy signals as an opt out of the sale of personal data. The other states are Colorado, Connecticut, Delaware, Montana, Oregon and Texas, according to the CPPA.
If the California privacy agency’s proposal was ultimately adopted by the legislature, the Golden State would be the first to require browser vendors to offer consumers the option to enable opt-out preference signals.
Consumers currently must either use a browser that supports an opt-out preference signal or take extra steps to find and download a browser plugin created by third-party developers that adds support for such signals, the CPPA said.
“To date, only a limited number of browsers offer native support for opt-out preference signals: Mozilla Firefox, DuckDuckGo, and Brave,” the CPPA said in its press release. “Together, they make up less than 10% of the overall global desktop browser market share. Importantly, none are loaded onto devices by default, making it difficult for consumers to learn about and take advantage of these protections.”
The CPPA said Google Chrome, Microsoft Edge, and Apple Safari have declined to offer these signals. They make up more than 90% of the desktop browser market share, according to the privacy agency.
The existing requirement for businesses to honor opt-out preference signals is mandated by the California Consumer Privacy Act known as CCPA.
The CPPA’s board gave support for staff to pursue via legislation what CPPA Executive Director Ashkan Soltani called an innovative opt-out preference signals proposal that would strengthen consumers’ privacy.
“If approved through the California legislative process, this proposal will not only advance Californians’ consumer privacy, but help incentivize the development of privacy-enhancing technologies,” Soltani said in a prepared statement.
Maureen Mahoney, the CPPA’s deputy director of policy and legislation, called opt-out preference signals a powerful tool for consumers seeking to protect their privacy rights.
“Consumers shouldn’t have to submit individual requests at hundreds of sites just to protect their personal information,” Mahoney said in a prepared statement. “We look forward to working with California legislators to make it easier for California consumers to exercise their privacy rights.”
In a memo to the board, Mahoney acknowledged that the legislative proposal could generate opposition, including from industry coalitions “given that many businesses objected to the CCPA’s requirement to honor opt-out preference signals as an opt-out of sale/sharing.”
“However, since this proposal would significantly advance Californians’ consumer privacy, staff recommends that the board support this legislative proposal, and authorize staff to identify an author, to work with them to develop such legislation, and to sponsor and support it,” Mahoney wrote in advance of the Dec. 8 board meeting.