- within Government, Public Sector and Coronavirus (COVID-19) topic(s)
- with readers working within the Banking & Credit industries
On September 9, 2025, the California Privacy Protection Agency ("CPPA") announced a multi-state investigation into businesses that fail to honor consumer opt-out requests. As our readers are aware, the CPPA protects the privacy rights of Californians by implementing and enforcing the California Consumer Privacy Act ("CCPA"). The large-scale privacy investigation will be conducted with assistance of the Attorneys General of California, Colorado, and Connecticut.
What is the Focus of the Opt-Out Investigation?
Among other privacy protections, the CCPA requires that online businesses offer consumers two methods to opt out of the sale/sharing of their data:
- Global Privacy Control ("GPC") – The GPC allows users to automatically signal to websites that they would like to opt-out of the "sale" and "sharing" of their personal information. This "stop selling or sharing switch" is available on some internet browsers, like Mozilla Firefox, or downloadable as a browser extension.
- Opt out one business at a time – Businesses that sell or share personal information must provide a clear and conspicuous "Do Not Sell or Share My Personal Information" link on their website. This link must allow consumers to submit opt-out requests and cannot require consumers to create an account before submitting requests.
The focus of the investigative sweep concerns option 1: GPC. The coalition of states will be contacting businesses that they believe may not be processing consumer opt-out requests submitted via GPC and directing them to comply.
Businesses Must Honor Opt-Out Requests
Violating the CCPA can result in significant penalties. The statute permits state authorities to seek fines of up to $7,500 per intentional violation and $2,500 per unintentional violation. Note that the total fine is uncapped. Businesses must honor consumer opt out requests, whether they are submitted globally or individually, lest they risk incurring significant monetary penalties.
Now is the time to ensure that your business is complying with consumer opt out requests. As California Attorney General Rob Bonta stated, "California and our sister states are committed to continued collaboration to actively enforce consumers' important privacy rights and are paying close attention to business compliance with the Global Privacy Control."
Hire experienced counsel to review your consumer data privacy compliance practices and procedures to reduce risk. The attorneys at Klein Moynihan Turco have significant experience in defending businesses against regulatory actions involving state privacy laws and assisting them with compliance so that future claims may be prevented.
Similar Blog Posts:
KMT's David Klein Quoted in Adweek: Google, Pinterest Look to Limit California's Privacy Laws
California Rules that Websites are Not Places of Public Accommodation under ADA
California Continues to Enhance Children's Privacy Rights
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
