Questions Remain Over California’s Opt Me Out Act, Lawyer Says
Though California’s Opt Me Out Act will make effectuating privacy rights easier for consumers, there are lingering issues about specifics that privacy professionals should consider, Shook Hardy attorney Josh Hansen said during a Thursday webinar hosted by compliance vendor Privado.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
The bill requires that companies include an opt-out preference signal in their browsers, making [opting in or out] “a lot more accessible for users,” Hansen said, especially for those who are less tech-savvy. For example, the lawyer said his parents “can use computers" but wouldn't download a Global Privacy Control browser extension. Under this law, however, if they receive a pop-up asking if they want to see targeted ads or share their information, they can more easily state their preference, he said.
Once the law becomes effective, in January 2027, Hansen believes opt-outs will become “mainstream,” which will “require a lot more of a compliance lift on the back end to make sure [companies are] honoring” the requests. It also “might encourage companies to look for alternatives to targeted advertising or similar metrics to get the information they need to power their business,” he added.
Companies should look out for guidance about the law's vaguer aspects, Hansen said. For example, it says that “the [California Privacy Protection Agency] can issue regulations,” he noted, so keep an eye on CalPrivacy’s radar to determine what those may look like.
CalPrivacy officials said at a meeting Friday that the agency is looking at opt-out preference signals, in addition to employment data and other topics, as possible future areas of rulemaking (see 2511070050). However, Hansen noted that how much CalPrivacy has on its plate and how fast it can move on issues could be factors.
Questions also linger about whether the opt-out law applies to mobile browsers and questions about how companies outside of California can comply with the law.
An “interesting” aspect of the law is that California said companies must "make these [opt-in, opt-out] options easy to locate and configure,” as well as “explain how it works” within the signal. Hansen predicted this would “increase the number of opt-outs.”
At an IAPP conference last month, CalPrivacy Executive Director Tom Kemp said the law is meant to make privacy easier for consumers (see 2510310032). Gov. Gavin Newsom (D) signed the bill in October (see 2510080054).