3 States Sweep for Universal Opt-Out Noncompliance

The CPPA and attorneys general from all three states are “contacting businesses that may not be processing consumer requests to opt out of the sale of their personal information submitted via the GPC as required by law and requesting that those businesses comply,” said the California privacy agency. Its executive director, Tom Kemp, said that collaboration with other states “is essential to the CPPA's work.”

“Californians have the important right to opt-out and take back control of their personal data -- and businesses have an obligation to honor this request,” said California AG Rob Bonta (D). “We have identified businesses refusing to honor consumers' requests to stop selling their personal data and have asked them to immediately come into compliance with the law. California and our sister states are committed to continued collaboration to actively enforce consumers' important privacy rights and are paying close attention to business compliance with the Global Privacy Control.”

In Connecticut, while many businesses understand consumer privacy rights available in the state and are “complying with the law, we are putting violators on notice today that respecting consumer privacy is non-negotiable,” said Attorney General William Tong (D).

The multistate investigative sweep pleased Consumer Reports, which found in a study earlier this year that several online retailers appear to be ignoring global opt-out requests (see 2504020065). "Ensuring that businesses are honoring universal opt-outs is central to effective privacy oversight," CR Policy Analyst Matthew Schwartz said in a press release. Without such mechanisms, it's "extremely difficult for consumers to take advantage of their rights in practice."

State privacy regulators announced a bipartisan consortium in April (see 2504160037). Some said that could foreshadow increased enforcement of privacy laws (see 2506020004).