To opt-in or opt-out? The data privacy landscape in Europe sees consent as an opt-in mechanism under the GDPR. In the US, laws in Virginia and Connecticut also require opt-in consent, regarding sensitive personal information.
In 2019, US privacy laws arrived on the scene with the California Consumer Privacy Act (CCPA) and subsequent state laws in California, Virginia, Colorado, Utah, and Connecticut. These all follow an opt-out mechanism for consent in most areas.
These five US state privacy laws all have their own unique opt-out requirements. This blog will help you understand the following:
Let’s take a look at the different types of opt-out definitions across the new regulations, and which state requires which.
Targeted advertising (TA)
Universal opt-out signals (U)
Global Privacy Control – The GPC is a universal opt-out signal that users can either set at a browser level (depending on the browser) or through a browser extension (such as Privacy Badger on Google Chrome). This allows a user to define their preferences across the internet when initially landing on a website. As such, organizations under the jurisdiction of laws requiring universal opt-out signals will need to be able to read the GPC as users visit their digital properties and honor the opt out of the sale and the sharing of personal information.