Businesses would have to offer California residents user-friendly mechanisms to opt out of the sale of their personal data, under new new privacy regulations proposed Monday by Attorney General Xavier Becerra.
“A business’s methods for submitting requests to opt-out shall be easy for consumers to execute and shall require minimal steps,” the proposed rule states. “A business shall not use a method that is designed with the purpose or has the substantial effect of subverting or impairing a consumer’s choice to opt-out.”
California's privacy law, which took effect in January, gives state residents the right to learn what information has been collected about them by companies, to have that information deleted, and to prevent the sale of that data to third parties.
The newest proposed regulations offer several specific examples of the types of opt-out mechanisms that are now prohibited.
Among others, businesses would be prohibited from requiring people to take more steps to prevent the sale of their information than to opt in to its sale.
Businesses also wouldn't be able to use “confusing” language, such as “Don’t Not Sell My Personal Information.”
In addition, the proposed regulations would ban companies from requiring consumers to provide more personal information than needed to implement a do-not-sell request.
The new proposal come two weeks after Consumer Reports said a study it conducted showed widespread problems with opt-out mechanisms -- including links that were hard to find and burdensome procedures. Some companies asked people who wanted to opt out to first send in a photo of a government ID, or a selfie, or provide an identifier, such as Apple's “identifier for advertisers” -- an alphanumeric string tied to people's mobile devices.
Becerra's office is accepting comments on the proposal through October 28.