California Legislature Advances Bill Empowering Consumers to Easily Exercise Privacy Rights at Scale

News:

SACRAMENTO — The California Privacy Protection Agency (CPPA) commends the California State Legislature for passing the California Opt Me Out Act (AB 566), a groundbreaking bill that will require browsers to support opt-out preference signals (OOPS), allowing consumers to limit the sale and sharing of their information in a single step. The bill, authored by Assemblymember Lowenthal and sponsored by CPPA, now heads to the Governor for consideration.

AB 566 requires browsers to include functionality configurable by a consumer that enables the browser to send an opt-out preference signal to businesses with which the consumer interacts through the browser. This “set it once, protect everywhere” approach eliminates the current burden on consumers to either individually opt out at hundreds of different websites or to hunt down one of the few privacy-protecting browsers currently offering OOPS.

“We thank the legislature for passing AB 566, a landmark bill that helps break the cycle of forcing Californians to endure a never-ending set of chores in order to exercise their individual privacy rights,” said CPPA Executive Director Tom Kemp. “This bill is another example of the CPPA's focus on operationalizing and scaling consumer privacy rights.”

The bill is particularly important now because consumers' sensitive personal information, including racial or ethnic identity, health information, religion, immigration status, military service, and political affiliations, is regularly collected, sold, and used in ways consumers may not expect. Without universal opt-out tools, this information remains more vulnerable to sharing and exploitation by bad actors.

Currently, a few privacy-focused browsers offer OOPS, but AB 566 will require all browsers, including Google Chrome, Apple Safari, and Microsoft Edge, to support the signals.

“The California Consumer Privacy Act already requires businesses to honor opt-out preference signals,” said Maureen Mahoney, Deputy Director of Policy & Legislation. “AB 566 ensures that the signals will no longer be a premium feature available only to those who actively seek out specialized browsers.”

Even with an opt-out signal enabled, consumers will be able to exercise their preferences at specific sites. For example, under existing law, if there is a conflict between OOPS and the consumer's current privacy settings, the business is allowed to ask the consumer permission to sell or share their data.

California is currently one of approximately a dozen states that require businesses to honor privacy requests made through OOPS, and the states have been collaborating on enforcement and educational efforts with respect to these signals. If AB 566 is signed, California will become the first state in the nation to require browser support for OOPS, setting a powerful precedent that could inspire similar protection around the nation.

ABOUT US

The California Privacy Protection Agency is committed to rulemaking, enforcement, and public awareness of consumers' privacy rights and businesses' responsibilities under the California Consumer Privacy Act.

Individuals can visit privacy.ca.gov to access helpful and up-to-date information on how to exercise their rights and protect their personal information. In addition, the Agency's website provides important information about CPPA board meetings, announcements, and the rulemaking process.

If you have questions, please use our Contact form.