Last week, the California Privacy Protection Agency (CPPA) voted in favor of a legislative proposal that would require web browsers to include a feature that allows web users the ability to exercise their privacy rights under the California Consumer Privacy Act (CCPA) through opt-out preference signals.

Under the California Consumer Privacy Act (CCPA), businesses must adhere to a user’s opt-out web preference signals as a valid request to opt-out of the sale and/or sharing of their information. These signals are supposed to be ‘global’ meaning that through an opt-out preference signal, a user can opt-out of the sale and sharing of their information on all websites that they interact with without having to make separate requests to each website. However, to exercise this right under the CCPA, a user must either use a browser that SUPPORTS these opt-out preference signals or take extra steps to download a browser plugin to support these signals. Currently, only a few browsers offer built-in support for opt-out preference signals: Mozilla Firefox, DuckDuckGo and Brave. That’s only 10 percent of the global desktop market share. But note, that none of these (or any others) are loaded onto devices by default, which means it is not apparent (or easy) for users to take advantage of these built-in protections.

If the California legislature adopts this proposal from the CPPA, it will be the first state to require browser vendors to enable this type of signals.

Photo of Kathryn Rattigan Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy and Security Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and…

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy and Security Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.