CPPA might require all browsers to offer opt-out preference signals

Julie Rubash, General Counsel and Chief Privacy Officer
December 4, 2023

Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.


CPPA considers Requirement for all Browsers to Offer Opt-Out Preference Signals

memorandum from the California Privacy Protection Agency (CPPA) staff proposes that the CPPA Board support legislation to require all browsers, platforms and devices to include an opt-out preference signal feature, enabling users to opt out of the sale / sharing of their personal information across all websites that the user visits.


Consideration of the proposal is included as an agenda item for the Board’s December 8 meeting.

If approved according to the staff’s request, the Board would direct the staff to find an author, work with them to develop legislation based on the proposal, and sponsor and support the legislation.

Currently, businesses are required to honor opt-out preference signals enabled via participating browsers and browser plug-ins, but the choice for a browser to offer users the option to enable an opt-out preference signal is entirely voluntary.

Browsers Firefox, DuckDuckGo and Brave currently offer the feature, and it is also available through a number of browser plug-ins.    

Learn more about opt-out preference signals, such as Global Privacy Control:

Firefox 120 to Ease Ability to Set Global Privacy Control

What is Global Privacy Control? Frequently Asked Questions

Global Privacy Control and the Sourcepoint CMP


noyb Alleges Meta Subscription Model Violates GDPR

Privacy advocacy group noyb filed a complaint with the Austrian Data Protection Authority, alleging that Meta’s new ad-free subscription model on Facebook and Instagram, offered to users as an alternative to consenting to personalized ads, violates GDPR by not obtaining consent that is “freely given”. 

noyb alleges that the subscription fee of up to €251.88 / year for access to both platforms is out of proportion with Meta’s estimated €62,88 / year annual revenue per user in Europe.


Meta’s subscription model was offered shortly after the European Data Protection Board issued a binding decision banning Meta’s targeted advertising practices.

Meta is not the first company in Europe to offer paid subscriptions as alternatives to consent, and multiple data protection authorities have blessed the model, although within the parameters of certain guidance.

The Danish DPA announced in February 2023 general guidelines allowing for “cookie walls” as long as certain criteria are met, including:

  1. users must be given a reasonable alternative to the processing of their personal data (e.g., access to the content for a reasonable monetary fee);
  2. any data processed after a user provides consent (as an alternative to payment) must be a necessary part of the non-monetary alternative, or else separate consent must be obtained (e.g., if the non-monetary alternative is processing of personal data for marketing purposes, the company must obtain separate consent for any other purposes); and
  3. if the user chooses to make monetary payment, no personal data should be processed other than as necessary to provide the service requested, unless separate consent is provided.

Similarly, the French DPA (the CNIL) issued “Cookie Wall Evaluation Criteria” in May 2022 advising that websites conditioning access to a service on the acceptance of cookies or other tracer’s on the user’s terminal device should provide a fair alternative at a reasonable price, that the cookie walls should be limited to the purposes that allow for fair remuneration, and that the selection of the paid alternative should result in appropriate limitation of unnecessary tracers.

Read more:

Danish DPA allows cookie walls, within limits

CNIL publishers Cookie Wall Evaluation Criteria

Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.

Latest Blog Posts

Vermont Data Privacy Bill Is Vetoed

June 17, 2024

Vermont Governor announced his veto of a bill that...

You Are Who You Work With: Cookie Consent and Data Privacy

June 11, 2024

Who you work with for consent management and data...

Texas AG Prepares for “Aggressive Enforcement” of Privacy Laws

June 10, 2024

Texas Attorney General announced a data privacy and security...

Latest White Papers

Benchmark Report: US Privacy Compliance

August 19, 2022

The current state of publisher compliance with CCPA, and...

Ebook: A Publisher’s Guide to Vendor List Curation

December 16, 2021

How to review your vendor list to mitigate compliance...

Keep in touch

Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.

Let's explore what we can do together.

We'll be in touch within 48 hours

[contact-form-7 id="593" title="Schedule a Demo"]