Most of us have seen those annoying pop-up screens when browsing the web that ask us to accept some turgid privacy policies or approve the use of cookies to track our sessions. California and a few other states are trying to make things more secure and protect our privacy by introducing new regulations that will go into effect in the coming months or years. One of these technologies is called a universal opt-out preference signal or sadly the acronym OOPS. California’s explanation can be found here.
The universal part of the deal is that many websites will recognize these signals, so users don’t have to individually opt-out of tracking for each website that they visit where they are buying something online or sharing their personal information (such as a social network). CalOOPS will make this mandatory in January 2027. That is a long ways off to wait for this convenience. Several other states are moving to enact similar laws, although it is a long road ahead. The OOPS signals are already not required in six of the 19 states that have privacy protections — just showing how much of a crazy quilt our privacy picture is and will continue to be.
The OOPS laws are just one of a triad of regulations that were enacted earlier this month in California. The others required major social media platforms to provide users with a clear way to delete their accounts and ensure that the data in your account would be completely wiped. The third law requires data brokers to more stringent standards, including how deletion requests are handled by a new service called DROP. Those two go into effect in January 2026. Husch Blackwell (who does an excellent job tracking state privacy laws) has more info on this page describing the three laws.
DROP stands for Data Removal and Opt-Out Platform, and it will be a central place where consumers can begin the process of removing their data from multiple data brokers. If you have ever tried this on your own, you probably know how frustrating the process can be: first, the brokers are numerous and many of which are companies that you probably never heard of. Here is a list of more than 600 of them. Then, once you can find one, they make this deletion action as obscure as possible, or put you through various pathways (download a special app, submit a web form) that don’t inspire confidence. And realistically, how many brokers are you going to do this with anyway? And finally, is Facebook et al. a broker or a social network or just all-around evilness?
Remember the do-not-track phone settings on your phone? Probably not, because these were for the most part ineffective, and not mandatory. These new laws have enforcement provisions. We’ll see if that matters in the end.
Browser vendors with privacy controls are one answer, such as Brave, DuckDuckGo, or extensions such as PrivacyBadger (which I wrote about here). I have been using Opera Air, which has an ad blocker built in. There are two problems. First, these browser-based tools don’t always work on some websites that require pop-ups as part of a normal workflow, or the websites don’t want you to run ad blockers, because they lose revenue from displaying the ad banners. And second, as you might have guessed, there are no federal data privacy laws, and given the state of our Congress, chances are slim that we will see any soon. That means that laws could be enacted that work at cross-purposes.
I would be interested in hearing any strategies that work for you.
David, Thanks for addressing this. I use DuckDuckGo and Privacy Badger. As you pointed out, some sites won’t work if you don’t allow their cookies, tracking, etc., so sometimes I have to use Firefox or even Advantage. I really avoid Chrome.
Consumer Reports has an app called “Permission Slip” that makes it easier (not easy, though) to ask data brokers to delete the dossiers they have on us. It’s free if you want to do a lot of work yourself – but that still would be much much easier than doing it entirely on your own. For about $60, they offer a sort of concierge service which makes it easier. I’ve used this to successfully get removed from quite a few data brokers. But many either don’t respond, or they reply that in my state of residence, they can’t (or won’t) do anything. It’s annoying but worth doing. The whole thing is a massive pain in the you know what.
Thanks Jan. Here is where you can download the CR app.
Unfortunately, the data snoops that I worry more about are the dark web criminals and the foreign authoritarian states.
For web browsing the umatrix plugin is difficult but rewarding. Many sites work fine with most JavaScript blocked. Often with much better performance too.
For phone apps I don’t have an answer. It’s too easy to hide malware in an app.
No strategy here, but in the last month, an active ad blocker, AdBlock, messed my use of eBay and I was unable to complete a transaction which, of course, included a popup asking me if I wanted to pay for AllState insurance for the computer nugget I had bought. I called eBay and spoke to a real person who explained the cause of the problem to me. So AdBlock no longer blocks ads on eBay for me.