The ad industry is urging California Attorney General
Rob Bonta to withdraw a recent mandate that companies honor the “Global Privacy Control” -- a universal opt-out tool developed by privacy advocates.
That mandate, which was
announced earlier this month in a frequently-asked-questions response, “will cause confusion for consumers and businesses, rather than effectuating genuine user choices,” the Association
of National Advertisers, Interactive Advertising Bureau, American Association of Advertising Agencies and other groups say in a letter sent Wednesday to Bonta.
California's privacy
law gives consumers the right to learn what personal information has been collected about them by companies, have that information deleted, and opt out of the sale of that data to third parties.
Regulations approved last year by former Attorney General Xavier Becerra require companies to honor global opt-outs -- meaning companies can't insist
that consumers opt out on a site-by-site basis. Those regulations provide consumers can make that request through user-enabled browser plug-ins, privacy settings, device settings or other
mechanisms.
While most browsers have offered a do-not-track setting for years, that setting doesn't necessarily communicate that people don't want their data "sold," as the term is defined by
California law. But the Global Privacy Control, released last October, was developed with the California law in mind, and specifically transmits a do-not-sell request when consumers visit
websites.
Earlier this month, Bonta said in a frequently-asked-questions response that companies must honor requests sent through the Global Privacy Control -- which he described as a
“‘stop selling my data switch’ that is available on some internet browsers, like Mozilla Firefox, Duck Duck Go, and Brave, or as a browser extension.”
His office also
sent a warning letter to an electronics seller that allegedly failed to process opt-out requests submitted through the Global
Privacy Control.
The ad organizations -- which have consistently opposed a requirement to honor global opt-out requests -- on Wednesday officially asked Bonta to “retract this FAQ
response," and reconsider his enforcement approach to global opt-out mechanisms.
Among other arguments, the organizations say there should have been a formal procedure before Bonta issued the
mandate.
The groups also raise questions about whether signals sent by the Brave browser are user-enabled, given that the company -- which boasts that it stops “online
surveillance” -- sends the do-not-sell signal by default.
“There was no public process for evaluating or considering the cited tools or the particular implementations by the
browser referenced in the FAQ, and as a result there are diverging perspectives around what constitutes a tool that is 'user enabled,'” the groups write.
Concerns about default settings
also came up last year, when the attorney general first considered whether to require companies to honor global signals.
The attorney general's office responded at the time by saying that
consumers exercise choice by using a “privacy-by-design” product or service.
The ANA and other organizations also contend that Bonta's mandate conflicts with the California Privacy
Rights Act -- which expands on the California Consumer Privacy Act, and creates a new agency to oversee privacy.
The groups say the California Privacy Rights Act, slated to take
effect in 2023, will give businesses the choice of either complying with a universal opt-out mechanism, or posting a prominent link do-not-sell link on their home pages.
“Despite this choice that will become available to businesses in a short time, the FAQ response and decision to send enforcement letters ... is unnecessary and creates confusion in the market,” the
groups write. (Others, including the think tank Future of Privacy Forum, believe the
Consumer Privacy Rights Act will likely be interpreted as requiring companies to honor a universal opt-out mechanism.)
Other ad industry and business organizations signing the letter are
the Network Advertising Initiative, American Advertising Federation, Insights Association, California Chamber of Commerce, Digital Advertising Alliance, TechNet and State Privacy & Security
Coalition.