California’s Opt Me Out Act of 2025 requires all internet browsers, by January 1, 2027, to include a feature allowing users to signal websites not to sell or share their personal data. The California Privacy Protection Agency (CPPA) will develop and enforce related regulations, extending the reach of existing CCPA opt-out rights.
In comments to Lexology PRO, McCarter & English partner and co-leader of its Cybersecurity & Data Privacy group Erin M. Prest noted that ignoring these opt-out signals could be used as evidence of broader privacy non-compliance, potentially triggering enforcement or litigation. Group co-leader and partner Zachary Myers added that while the law targets browsers, its impact will be nationwide, as regulators in other states may hold companies liable for disregarding clear consumer opt-out preferences.
With similar privacy laws emerging across the US, businesses should move toward uniform, cross-state compliance systems to recognize and respect opt-out preference signals and mitigate enforcement risks.