California Bill Mandating Browser Opt-Out Support May Pass This Week

Want to receive these privacy recaps that matter to consent management, adtech and martech in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.

USA

California Bill Mandating Browser Opt-Out Support May Pass This Week

California AB 3048, which would require browsers and mobile operating systems to include settings enabling consumers to send opt-out preference signals to the websites and mobile apps they visit, has passed through the House and the Senate Judiciary and Appropriations committees and has been ordered for a third reading and potential vote on the Senate floor as early as this week.

TAKEAWAY

AB 3048 is sponsored by, and was created in response to a memorandum from, the California Privacy Protection Agency (CPPA). Currently, businesses are required under California law to honor opt-out preference signals enabled via participating browsers and browser plug-ins, but the choice for a browser or mobile operating system to offer users the option to enable an opt-out preference signal is entirely voluntary. Browsers Firefox, DuckDuckGo and Brave currently offer the Global Privacy Control opt-out preference signal feature, and it is also available through a number of browser plug-ins; however, total user adoption is still relatively low. Mandatory adoption across all browsers and devices would likely lead to a significant uptick in such adoption and, as a result, a likely increase in opt-outs across websites and mobile applications. The law, if passed, would authorize the CPPA to adopt regulations as necessary to implement its provisions.  

Awareness of  U.S. privacy laws is crucial to your business. Check out Sourcepoint’s continually updated U.S. States’ privacy laws comparison chart for the latest changes from different states, including California.

X agrees to suspend processing of AI Training Data Amid DPC Pressures

The Irish Data Protection Commission (DPC) announced that X had agreed to suspend its processing for training its AI tool ‘Grok’ of personal data collected from posts of EU/EEA users. The suspension was made in response to an urgent High Court request for such a suspension to protect the rights and freedoms of X users while the DPC and its EU/EEA peers examine whether the processing complies with the GDPR.

MOUNTING PRESSURE

The DPC is not alone in its scrutiny of X’s Grok training. The announcement of the suspension came shortly after a complaint was reportedly filed with the DPC by two consumer advocacy groups regarding X’s use of personal data for AI training. According to the complaint, X failed to adequately inform users about the specific processing operations and the legal basis for processing (only including the statement “We may use the information we collect and publicly available information to help refine our machine learning or artificial intelligence models for the purposes described in this policy” in its privacy policy), failed to restrict the processing of personal data in any way (through anonymization, pseudonymization or other privacy-preserving technologies), relied on legitimate interest as a legal basis without meeting the condition of necessity of processing (arguing that the same purpose can be pursued in a more reasonable and effective way by using the consent of the data subject as a legal basis), and inadequately managed the right to object (having allegedly failed to respond to the complainant’s requests). X has also reportedly received recent scrutiny from Australia’s DPA, claiming X’s data processing for Grok training may be in violation of Australia’s privacy law.

Personal sensitive information can be interpreted differently around the world. Download the new guide from Sourcepoint on sensitive data, Navigating the Maze: Sensitive Data & U.S. Privacy Laws.

Want more of the privacy highlights that matter for consent management, adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.