The recent announcement of multi-state investigations and actions by the CPPA (California Privacy Protection Agency) show that that US enforcement of laws to protect online privacy are catching up with Europe, and could even soon surpass it.
On top of the large fines imposed on companies such as Honda US and national retailer Todd Snyder, there are demands that they comply with approriate provisions of the CCPA (California Consumer Privacy Act), e.g. that they "develop, implement and maintain procedures" to ensure user opt-outs for data sale/sharing are respected, including the correct processing of browser generated opt-out signals. It is also incumbant on these companies to ensure that once a consumer has opted-out their data is not shared with others, including via "third-pary tracking technologies".
It will soon be law for browser companies operating in California to support the GPC (Global Privacy Control) opt-out signal, and this setting will probably be quickly employed by the majority of consumers, This "fact-on-the-ground" converges the EU's theoretically more stringent opt-in requirement with the standard US State law opt-out, as the vast majority will soon configure their browser to permantently signal their opt-out. This will inevitably lead to investigators focussing much more on the actual reality of how websites react to opt-out signals, i.e. not only on how effective the user disclosures or interface is (such as the placement or appearance of buttons), but whether they actually curtail the technologies designed to track people.
The CCPA provisions that encorage implementing opt-out signals in a "frictionless manner" could also be usefull in Europe, complementing the default opted-out mode and helping to reduce the "annoying pop-ups" problem, e.g. if the site detects the GPC signal it should avoid showing the pop-up consent banners.
Hopefully European regulators will emulate this approach and ensure that consent management platforms effectively also stop the still ubiquitous third-party tracking that still occurs on most websites.
If you want a CMP that sctually stops non-agreed tracking, ensures respect for any opt-out signal, and eliminates privacy compliance risks contact us.