Ad Industry Urges California To Retract 'Global Privacy Control' Mandate

The ad industry is urging California Attorney General Rob Bonta to withdraw a recent mandate that companies honor the “Global Privacy Control” -- a universal opt-out tool developed by privacy advocates.

That mandate, which was announced earlier this month in a frequently-asked-questions response, “will cause confusion for consumers and businesses, rather than effectuating genuine user choices,” the Association of National Advertisers, Interactive Advertising Bureau, American Association of Advertising Agencies and other groups say in a letter sent Wednesday to Bonta.

California's privacy law gives consumers the right to learn what personal information has been collected about them by companies, have that information deleted, and opt out of the sale of that data to third parties.

Regulations approved last year by former Attorney General Xavier Becerra require companies to honor global opt-outs -- meaning companies can't insist that consumers opt out on a site-by-site basis. Those regulations provide consumers can make that request through user-enabled browser plug-ins, privacy settings, device settings or other mechanisms.

While most browsers have offered a do-not-track setting for years, that setting doesn't necessarily communicate that people don't want their data "sold," as the term is defined by California law. But the Global Privacy Control, released last October, was developed with the California law in mind, and specifically transmits a do-not-sell request when consumers visit websites.

Earlier this month, Bonta said in a frequently-asked-questions response that companies must honor requests sent through the Global Privacy Control -- which he described as a “‘stop selling my data switch’ that is available on some internet browsers, like Mozilla Firefox, Duck Duck Go, and Brave, or as a browser extension.”

His office also sent a warning letter to an electronics seller that allegedly failed to process opt-out requests submitted through the Global Privacy Control.

The ad organizations -- which have consistently opposed a requirement to honor global opt-out requests -- on Wednesday officially asked Bonta to “retract this FAQ response," and reconsider his enforcement approach to global opt-out mechanisms.

Among other arguments, the organizations say there should have been a formal procedure before Bonta issued the mandate.

The groups also raise questions about whether signals sent by the Brave browser are user-enabled, given that the company -- which boasts that it stops “online surveillance” -- sends the do-not-sell signal by default.

“There was no public process for evaluating or considering the cited tools or the particular implementations by the browser referenced in the FAQ, and as a result there are diverging perspectives around what constitutes a tool that is 'user enabled,'” the groups write.

Concerns about default settings also came up last year, when the attorney general first considered whether to require companies to honor global signals.

The attorney general's office responded at the time by saying that consumers exercise choice by using a “privacy-by-design” product or service.

The ANA and other organizations also contend that Bonta's mandate conflicts with the California Privacy Rights Act -- which expands on the California Consumer Privacy Act, and creates a new agency to oversee privacy.  

The groups say the California Privacy Rights Act, slated to take effect in 2023, will give businesses the choice of either complying with a universal opt-out mechanism, or posting a prominent link do-not-sell link on their home pages.

“Despite this choice that will become available to businesses in a short time, the FAQ response and decision to send enforcement letters ... is unnecessary and creates confusion in the market,” the groups write. (Others, including the think tank Future of Privacy Forum, believe the Consumer Privacy Rights Act will likely be interpreted as requiring companies to honor a universal opt-out mechanism.) 

Other ad industry and business organizations signing the letter are the Network Advertising Initiative, American Advertising Federation, Insights Association, California Chamber of Commerce, Digital Advertising Alliance, TechNet and State Privacy & Security Coalition.

Next story loading loading..