California Privacy Rights Act Proposed Rulemaking: Comments to the California Privacy Protection Agency

Advocacy Comments

We—with the support of a group of privacy and consumer advocacy organizations—submitted comments to the California Privacy Protection Agency addressing its proposed rulemaking under the California Privacy Rights Act of 2020. Our comments focus on how the agency should craft rules around user-enabled global privacy controls—mechanisms that enable Californians to communicate their privacy choices to businesses through browser or device settings.

Ensuring all Californians can easily and effectively communicate their privacy choices is a foundational to California privacy law, which stresses the importance of consumer control, the ability to opt out of the sale of information to third parties, and the ability to use authorized agents and browser and device settings and signals to exercise rights. The comments we submitted contain a number of recommendations to the agency, which include

  • businesses should be required to include a Do Not Sell My Personal Information link on the its webpage and respect user-enabled global privacy controls
  • businesses should be required to treat currently deployed privacy choices (such as Android's Opt Out of Ads Personalization or iOS's Instruct Apps Not to Use Your Advertising ID to Build Profiles or Show You Personalized Ads settings) as user-enabled global privacy controls
  • businesses should be required to accept user-enabled global privacy control protocols that are yet to be developed
  • Californians who communicate their choices to businesses through user-enabled global privacy controls must be made aware of how a business responds to those signals


Read the full comments to learn more.