February 4, 2023

Volume XIII, Number 35

Error message

  • Warning: Undefined variable $settings in include_once() (line 135 of /var/www/html/docroot/sites/default/settings.php).
  • Warning: Trying to access array offset on value of type null in include_once() (line 135 of /var/www/html/docroot/sites/default/settings.php).
Advertisement

February 03, 2023

Subscribe to Latest Legal News and Analysis

February 02, 2023

Subscribe to Latest Legal News and Analysis

February 01, 2023

Subscribe to Latest Legal News and Analysis
Advertisement

California’s “Do Not Track” Mandate Does Not Please Businesses

Since the California Privacy Protection Agency (CPPA) released its draft regulations pursuant to the California Privacy Rights Act (CPRA), the biggest gripe from businesses has been the website tracking opt-out requirements. Recognition of opt-out requests from consumers could potentially cost companies some significant dollars.

The CPRA amends the California Consumer Privacy Act of 2020 and goes into effect on January 1, 2023. One of the amendments included a new consumer right to opt-out of cross-context behavioral advertising (i.e., the ability to request that a website not track the user across time or across websites). There are many ways in which a consumer can opt-out of this sharing of data. One way could be to click on an opt-out button or link on a specific website. Another way could be to download an app, use a specific browser or platform (such as Global Privacy Control (GPC)) to automatically emit opt-out signals for every website visited. However, if a consumer uses GPC but does not turn off the universal opt-out signal, and then visits a website where the consumer actively and knowingly participates in an opt-in rewards program, it remains unclear on how a business should proceed in response to that signal.

Without more clarity under the CPRA regulations on how companies should respond on a TECHNICAL LEVEL, it may be difficult to achieve full compliance with consumers’ opt-out choices. This means that the potential for a violation and subsequent liability will increase beginning in the new year.

The CPPA has not wavered on its ‘do not track’ requirement, saying that a plain reading of the CPRA indicates flexibility for site-specific opt-out links. As currently written, the draft regulations would not require businesses to add opt-out links on their websites if they in fact do process opt-out signals from external apps in a “frictionless” manner. A “frictionless” manner means that the business does not:

  1.  Charge a fee for recognizing an opt-out signal

  2.  Change the consumer experience with the product or service

  3.  Display pop-ups, notifications, graphics, etc., in response to the signal

Businesses that should include opt-out links on their websites process external ‘do not track’ signals in a “non-frictionless” manner, which means that the signal is processed in a way that could change the user experience. Even the use of “non-frictionless” (which essentially means “with friction”) convolutes the issue and creates confusion among companies that are trying to comply before the end of the year. We will continue to watch for updates on the final regulations and further technical guidance on ‘do not track’ signals and consumer choice when it comes to the same

Copyright © 2023 Robinson & Cole LLP. All rights reserved.National Law Review, Volume XII, Number 343
Advertisement
Advertisement
Advertisement

About this Author

Kathryn Rattigan Attorney Cybersecurity Data Privacy
Partner

Kathryn Rattigan is a member of the firm's Business Litigation Group and Data Privacy + Cybersecurity Team. She advises clients on data privacy and security, cybersecurity, and compliance with related state and federal laws. Kathryn also provides legal advice regarding the use of unmanned aerial systems (UAS, or drones) and Federal Aviation Administration (FAA) regulations. She represents clients across all industries, such as insurance, health care, education, energy, and construction.

Data Privacy and Cybersecurity Compliance

Kathryn helps clients comply...

401-709-3357
Advertisement
Advertisement
Advertisement