Online Personal Data Privacy: Fight Over Universal Opt-Out Mechanisms featured image

Online Personal Data Privacy: Fight Over Universal Opt-Out Mechanisms

by John DiGiacomo

Partner

Internet Law

Almost half of the States in the U.S. have enacted some version of an online personal or consumer data privacy statute. The statutes all use a similar framework that requires data collectors and processors to provide notices, obtain consent, and comply with mandates and prohibitions. For example, all of the online data privacy statutes require companies to provide privacy notices that tell consumers what data is collected, why the data is being collected, with whom the data is shared, sold, etc.

All of the statutes also require that data collectors allow consumers to opt out of various things, such as the collection, sharing, or processing of certain data for certain online users (like children) or for certain types of data (like personally sensitive data).

One current and ongoing political fight concerns whether companies should be required to allow and honor consumers’ data choices and preferences via global privacy controls (“GPC”). GPCs are often called “universal opt-out mechanisms” and “opt-out preference signals.” GPCs can be defined as signals sent automatically by browser, computer, or device settings that identify the consumer’s global privacy preferences for a website, app, or online service.

Consumer privacy advocates have recognized that identifying privacy preferences can be a cumbersome and inconvenient process for consumers, particularly if the preferences must be given for each website one at a time. Privacy advocates understand that the more difficult and inconvenient a process is, the less likely a consumer is to take the time to identify their privacy preferences.

Consumers may take the time to identify their privacy preferences for websites that they visit often. However, most consumers browse the internet by making one-time visits and staying for only a few minutes. For these kinds of “short hop” visits, for most consumers, it is too time-consuming to track down the link, go to the privacy page, and identify privacy preferences. However, even a short visit to a website might result in unwanted data collection, storage, sharing, and sale, resulting in, for example, a deluge of targeted advertising.

One solution to this problem is GPCs. Consumers can take the time to review and signal their preferences once for their browser, extensions, add-ons, device, or computer. Thereafter, even for “short hop” visits, their preferences will be sent to the website.

Currently, about twelve online personal data privacy statutes require that data collectors recognize and obey GPCs. California has now added its “voice” to the discussion by enacting what is called Assembly Bill 3048. The California Governor is expected to sign the legislation. AB 3048 amends earlier data privacy legislation and goes a bit further than simply requiring websites and online services are required to accept and honor such GPCs. That is already the law in California.

AB 3048 is not aimed at data collectors and processors but rather at browser developers and companies that make and operate mobile devices. Starting on January 1, 2026, such companies will be required to allow consumers to send privacy preference signals, in effect creating GPCs. AB 3048 does not require any sort of factory or default setting for those preference signals, and AB 3048 does not require that the GPCs be automatically “on.” It is a good guess that the next political “fights” will include those two questions.

Contact the Consumer Data Privacy and Compliance Attorneys at Revision Legal

For more information, contact the experienced Consumer Data Privacy and Compliance Lawyers at Revision Legal. You can contact us through the form on this page or call (855) 473-8474.

Extra, Extra!
Recent Posts

Fairness Factors For Your College NIL Agreement

Fairness Factors For Your College NIL Agreement

Corporate

In May 2025, as part of a settlement of litigation involving college football, a new entity was created called the College Sports Commission (“CSC” or “Commission”). See news media reports here and here. Among many other purposes, the CSC will monitor and approve name, image, and likeness (“NIL”) agreements for college athletes. As the term […]

Read more about Fairness Factors For Your College NIL Agreement

Is a “Fanciful” Trademark the Best Type of Trademark?

Is a “Fanciful” Trademark the Best Type of Trademark?

Trademark

Trademarks are words, designs, symbols, logos, and other things that are used/associated with goods or services that identify the specific commercial source of the goods/services. COCA-COLA, APPLE, and GUCCI are just a few famous examples. If COCA-COLA is on the bottle, consumers know what to expect from the beverage in the bottle. The same for […]

Read more about Is a “Fanciful” Trademark the Best Type of Trademark?

Put Revision Legal on your side