California continues to lead the way in digital privacy. Its latest step is AB 566, the California Opt Me Out Act. This new law amends the already robust California Consumer Privacy Act (CCPA) and specifically targets how internet browsers empower users to control their personal information.
AB 566 requires that all consumer web browsers (i.e., Chrome, Firefox, Safari, and others) make it simple and obvious for users to send a technical “opt-out preference signal” to websites. This signal tells websites not to sell or share the user’s personal information (as required by the CCPA).
The key provisions of AB 566 include:
- Easy-To-Use Opt-Out Function: By January 1, 2027, every business that develops or maintains a web browser for consumers must include an accessible, easy-to-find control that lets users send an opt-out signal to websites.
- Transparency Required: Browser providers must clearly disclose:
- How their opt-out function works
- What effect using the signal has.
- Liability Shield for Browsers: If a website fails to honor a user’s opt-out signal, the browser is not liable, as long as it provides the signal in accordance with the law.
- Further Rulemaking: The California Privacy Protection Agency is authorized to adopt additional regulations if necessary to clarify or enforce these new requirements.
Note that “browser” is defined under AB 566 as “any software consumers use to access internet websites;” “opt-out preference signal” is “a technical signal, made easy to send, that communicates a user’s decision to block the sale or sharing of their personal data.”
AB 566 is designed to further empower California consumers, making it easier to exercise their privacy rights under the CCPA and the California Privacy Rights Act. Instead of navigating complicated website settings or privacy forms, consumers can use their browser’s built-in privacy controls to express their preferences with a simple click.
Beginning in January 2027, if you use a browser in California, you’ll have a clear and convenient way to tell websites not to sell or share your data with just one simple click. If you develop or maintain a browser, now’s the time to start thinking ahead about compliance, design, and user communication.
[View source.]
