At least for for a decade, privacy advocates have dreamed of a universal, legally enforceable one “Don’t follow” setting. Now, at least in the most populous state in the United States, that dream has become a reality. So why isn’t it Apple – a company that increasingly using privacy as a point of sale“Helping your clients take advantage of that?”
When California passed California Consumer Protection Act In 2018, it came with a big star. In theory, the law gives California residents the right to tell websites not to sell their personal information. In practice, exercising that right means clicking through an infinite number of privacy policies and cookie notifications, one by one, on every site you visit. Only a masochist or a persistent privacy enthusiast wouldn’t bother to click on cookie settings every time they ask for a menu or buy a vacuum cleaner. For most people, privacy will remain a right that only exists on paper until there is an easy way to turn off tracking all over the internet with one click.
The good news is that this ideal is getting closer to reality. Although the CCPA does not explicitly mention global exclusion, regulations interpreting the law passed by the California Attorney General in 2020 specified that companies will have to comply with it just like individual requirements. Universal exclusion technology didn’t really exist yet, but last fall, a coalition of companies, nonprofits and publishers discovered a technical specification for global privacy control that can send a CCPA “Do Not Track” signal at the browser or device level.
Today, if you live in California, you can enable global privacy control through using a privacy browser like Locks or downloading privacy extensions, for example DuckDuckGo or Privacy Badger, in any browser you already use. (Seriously, do it. The full list of options is here.) Once you do, you’ll automatically tell the sites you visit “Don’t sell my personal information” without having to click anything — and, unlike previous universal exclusion efforts, any decent size a company operating in California will legally comply, which requires adding only a few lines of code to their website.
The state of implementation of the ZPPU is still unclear, as some companies oppose a broad interpretation of the state prosecutor’s law. But the California government has begun to make it clear that it intends to implement a global privacy control requirement. (More recently passed The California Privacy Rights Act, which takes effect in 2023, makes this requirement more explicit.)
Mid-July, Digiday reported that Chief Prosecutor Rob Bonte’s office “sent at least 10, and perhaps more than 20 companies, letters urging them to respect the GPC.” And recently one item appeared list the CCPA enforcement action on the Attorney General’s website noting that the company was forced to start complying with the signal.
Bad news. While it’s much easier to install a privacy extension or browser than to click on a million pages about privacy, the vast majority of people still won’t do it. (It remains to be seen if DuckDuckGo papering American highways and cities with billboards will inspire a new wave of privacy connoisseurs.)
This is pretty important, because online privacy rights are collective, not individually. The problem with ubiquitous tracking is not just that it can allow someone to access your personal location information and use it to ruin your life, it happened recently to a Catholic priest whose commercially available data from Grindre revealed a pattern of frequent visits to gay bars. Even if you personally disconnect from surveillance, you still live in a world shaped by surveillance. Tracking-based advertising contributes to the decline of quality publications eating away at the premium that advertisers pay to reach their audience. It’s cheaper to find those readers on social media or even on extreme news sites. He turbocharged the incentive to tirelessly increase engagement on social media platforms. None of this will go away until a critical mass of people give up tracking.