State governments push for stronger consumer data protection laws

Webp 3r2l9nmmbri3huekmox6348shtyh
Alexandra Reeve Givens President & CEO at Center for Democracy & Technology | Official website

State governments push for stronger consumer data protection laws

ORGANIZATIONS IN THIS STORY

The digital age has ushered in a complex landscape where consumer data is routinely tracked and sold, often without the full consent or awareness of the individuals involved. While legislation such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the United States aim to protect privacy, they also highlight significant gaps that still exist in enforcing meaningful opt-out rights for consumers.

Technical solutions like Global Privacy Control (GPC) have emerged to help users exercise their privacy rights more efficiently. GPC allows users to signal their desire to opt out of data collection with a single browser setting. However, despite its potential, many companies have been slow to adopt these mechanisms voluntarily. CDT has expressed support for legislative measures requiring companies to respect universal opt-out signals.

California's legislative efforts reflect this ongoing struggle. Last year, California passed AB 3048, which would have required browsers and mobile operating systems to offer an option for sending a universal opt-out signal. However, Governor Gavin Newsom vetoed the bill after lobbying from tech industry representatives. "No major mobile OS incorporates an option for an opt-out signal," Governor Newsom stated, suggesting that design decisions should be led by developers rather than regulators.

Despite this setback, California continues its efforts with the reintroduction of similar legislation through AB 566. This bill aims to simplify how Californians can exercise their right to prevent their data from being sold by enabling a universal opt-out mechanism.

The challenge remains significant as major web browsers like Google Chrome, Apple Safari, and Microsoft Edge do not currently support GPC. This lack of support prevents many users from sending necessary signals to exercise their privacy rights effectively.

CDT remains committed to advancing GPC standardization at W3C and supporting state-level privacy laws mandating respect for user opt-out signals. The organization emphasizes that consumer-friendly universal opt-out mechanisms are essential for basic privacy protections.

As discussions continue into 2025, CDT urges all stakeholders — including tech companies and policymakers — to recognize the importance of making consumer opt-outs functional and accessible. Without such mechanisms, consumers face challenges akin to "playing endless whack-a-mole" in managing their digital privacy.

ORGANIZATIONS IN THIS STORY