Key players: CalPrivacy leads the effort, targeting businesses subject to the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). Legislation includes the California Opt Me Out Act (AB 566), signed October 2025 by Governor Gavin Newsom, mandating browser-based OOPS by January 1, 2027. OOPS encompasses signals like Global Privacy Control (GPC); recent enforcements involved companies such as PlayOn Sports, Ford, and Disney for opt-out failures.[2][3][4][5][6][8][15]
Context and timeline: CCPA/CPRA grants Californians opt-out rights for personal data sale/sharing in targeted advertising, requiring "frictionless" processing—no fees, degraded service, or barriers like extra verification.[2][6][10][12] Enforcement ramped up in 2024-2026 with fines (e.g., PlayOn's $1.1M settlement) for non-compliance, including ignoring GPC or adding steps.[5][6][7][9] January 1, 2026, added requirements for businesses to confirm signal processing; the Opt Me Out Act shifts burden to browsers for universal signals.[3][8][11][15] CalPrivacy's March 6 call probes challenges like applying signals to profiles/devices and regulatory gaps.[1][3][7]
Newsworthy now: Announced March 25, 2026, amid 2026's early enforcements exceeding $4.2M in penalties, signaling potential rules tightening "frictionless" OOPS amid rising consumer use and business hurdles—just weeks into new CCPA mandates and two months before browser compliance deadline.[3][5][9][15]