Blog

California Bill Mandating Browser Opt-Out Support May Pass This Week

Julie Rubash, General Counsel and Chief Privacy Officer
August 12, 2024
California Bill Mandating Browser Opt-Out Support May Pass This Week

USA

California Bill Mandating Browser Opt-Out Support May Pass This Week

California AB 3048, which would require browsers and mobile operating systems to include settings enabling consumers to send opt-out preference signals to the websites and mobile apps they visit, has passed through the House and the Senate Judiciary and Appropriations committees and has been ordered for a third reading and potential vote on the Senate floor as early as this week.

TAKEAWAY

AB 3048 is sponsored by, and was created in response to a memorandum from, the California Privacy Protection Agency (CPPA). Currently, businesses are required under California law to honor opt-out preference signals enabled via participating browsers and browser plug-ins, but the choice for a browser or mobile operating system to offer users the option to enable an opt-out preference signal is entirely voluntary. Browsers Firefox, DuckDuckGo and Brave currently offer the Global Privacy Control opt-out preference signal feature, and it is also available through a number of browser plug-ins; however, total user adoption is still relatively low. Mandatory adoption across all browsers and devices would likely lead to a significant uptick in such adoption and, as a result, a likely increase in opt-outs across websites and mobile applications. The law, if passed, would authorize the CPPA to adopt regulations as necessary to implement its provisions.  

Awareness of  U.S. privacy laws is crucial to your business. Check out Sourcepoint’s continually updated U.S. States’ privacy laws comparison chart for the latest changes from different states, including California.

X agrees to suspend processing of AI Training Data Amid DPC Pressures

The Irish Data Protection Commission (DPC) announced that X had agreed to suspend its processing for training its AI tool ‘Grok’ of personal data collected from posts of EU/EEA users. The suspension was made in response to an urgent High Court request for such a suspension to protect the rights and freedoms of X users while the DPC and its EU/EEA peers examine whether the processing complies with the GDPR.

MOUNTING PRESSURE

The DPC is not alone in its scrutiny of X’s Grok training. The announcement of the suspension came shortly after a complaint was reportedly filed with the DPC by two consumer advocacy groups regarding X’s use of personal data for AI training. According to the complaint, X failed to adequately inform users about the specific processing operations and the legal basis for processing (only including the statement “We may use the information we collect and publicly available information to help refine our machine learning or artificial intelligence models for the purposes described in this policy” in its privacy policy), failed to restrict the processing of personal data in any way (through anonymization, pseudonymization or other privacy-preserving technologies), relied on legitimate interest as a legal basis without meeting the condition of necessity of processing (arguing that the same purpose can be pursued in a more reasonable and effective way by using the consent of the data subject as a legal basis), and inadequately managed the right to object (having allegedly failed to respond to the complainant’s requests). X has also reportedly received recent scrutiny from Australia’s DPA, claiming X’s data processing for Grok training may be in violation of Australia’s privacy law.

Personal sensitive information can be interpreted differently around the world. Download the new guide from Sourcepoint on sensitive data, Navigating the Maze: Sensitive Data & U.S. Privacy Laws.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.

Latest Blog Posts

CPPA Settles With Unregistered Data Brokers

November 18, 2024

Following an investigative sweep of unregistered data brokers, the...

Paramount Hit With VPPA Class Action

November 5, 2024

A class action complaint was filed in NY alleging...

Noyb Complaint Alleges Pinterest Personalized Advertising Violates GDPR

October 28, 2024

Noyb Complaint Alleges Pinterest Personalized Advertising Violates GDPR

Latest White Papers

E-book: Enterprise Guide To Cookie management & Tracker List Curation

July 1, 2024

How to review the tracking tech on your websites...

Benchmark Report: US Privacy Compliance

August 19, 2022

The current state of publisher compliance with CCPA, and...

Keep in touch

Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.

Let's explore what we can do together.

We'll be in touch within 48 hours

[contact-form-7 id="593" title="Schedule a Demo"]