California Lets Residents Opt-Out of a Ton of Data Collection on the Web

This week, California Governor Gavin Newsom signed into law new legislation that will give Californians the ability to easily opt out of digital data collection with a simple portal that should apply to all websites in their browser. The move promises to make the state’s digital privacy protections that much easier to take advantage of, and could set a new precedent for future privacy regulations. In a press release shared this week, Newsom’s office announced the passage of two new laws, SB 361 and AB 566, that will strengthen the state’s landmark California Consumer Privacy Act. The CCPA, created in 2018, notably gave state residents the ability to request that companies share with them—but also delete—information that had been collected about them as part of their business practices. The passage of the CCPA was a big deal, but, as is often the case with landmark legislation, its execution has left something to be desired. While the CCPA did, indeed, force companies—for the first time—to give web users a certain amount of control over their data, the mechanisms by which that control can be exerted have always been quite imperfect. In other words, loopholes in the law have created a situation in which every single time a web user visits a website, they are forced to go through the annoying process of selecting their privacy preferences. In some cases, companies have capitalized on this process by making it confusing or difficult to navigate, thus tilting the scales in their favor. Now, however, due to the passage of AB 566, Californians should—theoretically—be able to opt out of all data collection via a simple portal made available through their web browser. The legislation “helps consumers exercise their opt-out rights” under the CCPA by “requiring browsers to include a setting to send websites an opt-out preference signal to enable Californians to opt out of third-party sales of their data at one time instead of on each individual website,” Newsom’s press release states. This is a great step towards giving web users more control over their data, although—given that the bill was just passed into law—it’s not yet clear how the regulation will manifest for consumers. Hopefully, it will be as easy as checking a box in your browser. The legislation puts California miles ahead of the rest of the country when it comes to digital privacy enforcement. In recent years, the state has also taken strides towards improving its ability to police and punish companies for infringing upon this law. Currently, enforcement is operated through the state Attorney General’s office. This year, a number of companies—including a tractor company and a health information publisher—were fined upwards of a million dollars for alleged CCPA violations. However, in 2020, the state also approved the creation of a new agency, the California Privacy Protection Agency (or CPPA—which has been dubbed the nation’s first “privacy police”), which is tasked with administering and implementing the CCPA. Also signed into law this week was SB 361, which is designed to strengthen California’s already existing data broker registry. The law will give consumers “more information about the personal information collected by data brokers and who may have access to consumers’ data,” Newsom’s office said.