At its December 8 board meeting, the California Privacy Protection Agency (“CPPA”) voted to advance a legislative proposal that would require vendors of web browsers to include a feature that would allow consumers to exercise data subject rights through opt-out preference signals. Regulations promulgated under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, provide that a business that receives a valid opt-out preference signal requesting that it not sell or share a consumer’s personal data is required to honor that request. Other states including Colorado, Connecticut, Delaware, Montana, Oregon, and Texas have included similar requirements in their state privacy laws.
In an accompanying press release, the CPPA stated that although browsers and other technologies can transmit opt-out preference signals to businesses on behalf of consumers, at present many browsers require consumers to install a third-party plugin capable of transmitting the signal. The CPPA also noted that browsers which natively support opt-out preference signals currently make up less than 10% of the global desktop browser market.