States Band Together to Call Out Businesses Dodging Privacy Opt-Outs

Key Takeaways

• Multi-State Action: The California Privacy Protection Agency (CPPA) joined with the Attorneys General of California, Colorado, and Connecticut in an investigative sweep targeting businesses refusing to honor Global Privacy Control (GPC) opt-out signals.
• Consumer Rights at Stake: Authorities stress that consumers have a legal right to stop the sale or sharing of their personal data, and businesses are obligated to respect that choice.
• High-Profile Warnings: California AG Rob Bonta, Connecticut AG William Tong, and CPPA Executive Director Tom Kemp emphasized that honoring GPC signals is non-negotiable.
• Broader Enforcement Context: The CPPA has recently issued fines against Honda and Todd Snyder, shuttered a data broker, and launched cross-border collaborations with regulators in Europe and Asia.
• Compliance Reminder: Companies should ensure they process GPC signals and provide clear opt-out mechanisms to avoid costly enforcement actions and reputational damage.

Deep Dive

Privacy regulators in California, Colorado, and Connecticut are tightening the screws on companies that still aren’t getting the message. The California Privacy Protection Agency (CPPA) joined with the Attorney Generals of California, Connecticut, and Colorado states in announcing a joint sweep of businesses suspected of ignoring Global Privacy Control (GPC) signals, the simple browser setting that tells companies to stop selling or sharing a consumer’s personal information.

The statements from officials left little room for interpretation. California Attorney General Rob Bonta called the opt-out right “an important way for Californians to take back control of their personal data” and warned that businesses refusing to honor it have been asked to “immediately come into compliance with the law.”

Connecticut’s Attorney General William Tong took a similar tone, describing privacy as “non-negotiable” and reminding businesses that his state’s law also lets residents access, correct, delete, and opt-out of targeted advertising. And Tom Kemp, the CPPA’s Executive Director, underscored that the effort isn’t confined to one state’s borders, “Collaboration with our partners in other states is essential… we will continue working across jurisdictions to protect Californians’ privacy.”

In other words, the regulators aren’t just looking inward. They’re coordinating outward, and they want businesses to know that privacy enforcement has become a team sport.

A Pattern of Action

For most people, data collection feels invisible until it isn’t. Websites quietly track what you read, how long you linger, and what you buy. The average person produces about 1.7 MB of data every second, a staggering figure that explains why profiles of consumers are so easy to create and so tempting to sell. Tools like GPC are meant to flip that dynamic, handing individuals a way to shrink their digital footprint without clicking through endless opt-out forms.

If businesses ignore GPC, they’re not just undermining a technical standard, they’re eroding the core promise of privacy laws passed in recent years.

This also isn’t the first time the CPPA has made headlines for holding companies accountable. Honda was fined more than $600,000 for CCPA violations, Todd Snyder was ordered to pay over $300,000, and data broker Background Alert was told to either shut down or face stiff penalties. Beyond state borders, the agency has linked arms with regulators in Europe and Asia, while at home it helped launch the bipartisan Consortium of Privacy Regulators.

Put simply, this sweep isn’t an isolated flare-up. It’s part of a deliberate pattern of scaling enforcement, broadening alliances, and setting expectations that companies must adjust their systems, not just their policies, to meet consumer rights.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.