California to Require Privacy Options in Internet Browsers

California has led the nation in online privacy legislation for years. The California Consumer Privacy Act (CCPA) requires in-scope companies to allow users to opt out of certain data-gathering practices. However, as it stands, this is done on a website-by-website basis, making opting out burdensome and confusing for users. That is about to change with a new California law requiring internet browsers to have blanket opt-out settings that will apply to any website the user visits. A recent Clark Hill memo discusses the new law and identifies the compliance challenges websites and browser developers face:

“AB566 amends the California Consume[sic] Privacy Act (“CCPA”) by requiring companies that develop or maintain internet browsers to create an opt-out preference signal (“OOPS”) that will allow consumers to configure it to opt-out of the sale or sharing of their personal information… One of the requirements under the CCPA, for those businesses to which it applies, is to allow California residents to opt-out of the sale or sharing of their personal information, and to honor such requests. The new law will make it presumably easier, as outlined below, for California consumers to send businesses their preferences regarding opt-outs. This will require business to do two things 1) configure their website to accept such OOPS, and 2) track and honor such requests.”

It is unclear how companies will implement these requirements at a technical level. Some have speculated that the CPPA will promulgate standards to streamline this process. CCPA-covered entities will need to comply by 2027. The new requirements may make data gathering more difficult and are just one example of the evolving compliance landscape in state data privacy laws.