Online Personal Data Privacy: Fight Over Universal Opt-Out Mechanisms featured image

Online Personal Data Privacy: Fight Over Universal Opt-Out Mechanisms

by John DiGiacomo

Partner

Internet Law

Almost half of the States in the U.S. have enacted some version of an online personal or consumer data privacy statute. The statutes all use a similar framework that requires data collectors and processors to provide notices, obtain consent, and comply with mandates and prohibitions. For example, all of the online data privacy statutes require companies to provide privacy notices that tell consumers what data is collected, why the data is being collected, with whom the data is shared, sold, etc.

All of the statutes also require that data collectors allow consumers to opt out of various things, such as the collection, sharing, or processing of certain data for certain online users (like children) or for certain types of data (like personally sensitive data).

One current and ongoing political fight concerns whether companies should be required to allow and honor consumers’ data choices and preferences via global privacy controls (“GPC”). GPCs are often called “universal opt-out mechanisms” and “opt-out preference signals.” GPCs can be defined as signals sent automatically by browser, computer, or device settings that identify the consumer’s global privacy preferences for a website, app, or online service.

Consumer privacy advocates have recognized that identifying privacy preferences can be a cumbersome and inconvenient process for consumers, particularly if the preferences must be given for each website one at a time. Privacy advocates understand that the more difficult and inconvenient a process is, the less likely a consumer is to take the time to identify their privacy preferences.

Consumers may take the time to identify their privacy preferences for websites that they visit often. However, most consumers browse the internet by making one-time visits and staying for only a few minutes. For these kinds of “short hop” visits, for most consumers, it is too time-consuming to track down the link, go to the privacy page, and identify privacy preferences. However, even a short visit to a website might result in unwanted data collection, storage, sharing, and sale, resulting in, for example, a deluge of targeted advertising.

One solution to this problem is GPCs. Consumers can take the time to review and signal their preferences once for their browser, extensions, add-ons, device, or computer. Thereafter, even for “short hop” visits, their preferences will be sent to the website.

Currently, about twelve online personal data privacy statutes require that data collectors recognize and obey GPCs. California has now added its “voice” to the discussion by enacting what is called Assembly Bill 3048. The California Governor is expected to sign the legislation. AB 3048 amends earlier data privacy legislation and goes a bit further than simply requiring websites and online services are required to accept and honor such GPCs. That is already the law in California.

AB 3048 is not aimed at data collectors and processors but rather at browser developers and companies that make and operate mobile devices. Starting on January 1, 2026, such companies will be required to allow consumers to send privacy preference signals, in effect creating GPCs. AB 3048 does not require any sort of factory or default setting for those preference signals, and AB 3048 does not require that the GPCs be automatically “on.” It is a good guess that the next political “fights” will include those two questions.

Contact the Consumer Data Privacy and Compliance Attorneys at Revision Legal

For more information, contact the experienced Consumer Data Privacy and Compliance Lawyers at Revision Legal. You can contact us through the form on this page or call (855) 473-8474.

Extra, Extra!
Recent Posts

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Copyright

The holders of copyrights for newspapers, magazines, books, and other publications are involved in numerous legal battles with owners of AI modules over alleged copyright infringement. The plaintiff copyright owners claim that the AI large language modules have been trained on huge quantities of copyrighted materials without permission and — most importantly — without payment. […]

Read more about Does the AI-Copyright Legal Fight Represent a National Security Threat?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Corporate

The owners of most small, closely-held businesses negotiate and sign some form of an “Owner’s Agreement.” An important part of such Agreements is the “Buy-Sell” provisions. These are often some of the most difficult to negotiate. The gist of the buy-sell part of the Owners’ Agreement is to establish the rules for what happens if […]

Read more about How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Status on Social Media Moderation Statutes and Cases

Status on Social Media Moderation Statutes and Cases

Internet Law

Social media content moderation by technology platforms was one of the “hot” legal topics in 2023-2024. Three States — California, Texas, and Florida — passed different statutes to either require more content moderation (California) or to limit such moderation (Texas and Florida). All the statutes, in one way or another, demanded more transparency and information […]

Read more about Status on Social Media Moderation Statutes and Cases

Put Revision Legal on your side