CPPA Sponsors Personal Information Protection Bill

Key Takeaways

• AB 566 Requirements: The bill mandates that browsers and mobile operating systems offer a one-step opt-out tool for consumers to limit the sharing of personal data.
• Sensitive Data Protection: The bill targets protection for sensitive data, including health, financial status, and children's information.
• Mainstream Browser Compliance: Google Chrome, Microsoft Edge, and Apple Safari would be required to implement opt-out signals, promoting greater privacy.
• Setting a National Standard: If passed, California would set a precedent for national privacy protection and influence potential federal regulations.
• Easier Protection for Parents: The bill provides parents with a streamlined way to protect their children's data from misuse.

Deep Dive

California State Assembly member, Josh Lowenthal, introduced Assembly Bill (AB) 566 on February 12, 2025, backed by the California Privacy Protection Agency (CPPA). The bill aims to empower Californians with a simple, one-step tool to manage their digital privacy—requiring web browsers and mobile operating systems to provide users with an easy opt-out option for sharing their personal data.

"I firmly believe in the right to privacy. Our data is our property, and it should be treated as such. This bill is about giving people the tools they need to protect what’s theirs,” said Lowenthal. "Too many consumers don’t realize how their personal information is collected and used when they browse the internet. AB 566 changes that by requiring a global opt-out setting in all browsers, ensuring privacy is protected with minimal effort."

Personal data—everything from health to political views—has become a hot commodity for businesses. But as companies collect, share, and repurpose this sensitive information, many consumers are left in the dark about how it's being used. This leaves them vulnerable to misuse, whether it’s through targeted ads or even more invasive practices.

Maureen Mahoney, Deputy Director of Policy & Legislation at the CPPA, emphasized the urgency, "It’s never been more important for consumers to easily limit the sale and sharing of their personal information. AB 566 will give Californians access to a simple, one-step tool that will allow them to protect their data without jumping through hoops.”

Fighting for Privacy, Especially for Kids

A core feature of AB 566 is its emphasis on protecting children’s data. In today’s digital world, kids are increasingly exposed to apps that collect their personal information without their parents' consent. AB 566 aims to give parents the ability to block data-sharing practices with a single request, ensuring children’s privacy is safeguarded.

This concern is more than just hypothetical. In 2024, the California Attorney General and the Los Angeles City Attorney took action against Tilting Point Media for collecting and selling children’s data through its app “SpongeBob: Krusty Cook-Off.” This type of data misuse is exactly what AB 566 seeks to stop, putting parents in control of their children's digital footprints.

Making Privacy Simple

Currently, the California Consumer Privacy Act (CCPA) provides consumers the right to opt out of the sale of their personal information, but navigating the process often means submitting individual requests to each company. AB 566 seeks to eliminate this burden by mandating that all browsers support opt-out preference signals—a feature that automatically sends a privacy request to every website a user visits.

While privacy-centric browsers like Brave, DuckDuckGo, and Mozilla Firefox already offer this feature, mainstream browsers like Google Chrome, Microsoft Edge, and Apple Safari have been slow to adopt it. AB 566 would change this by requiring them to implement these privacy tools as a standard, potentially transforming the digital landscape for the better.

But it doesn’t stop at browsers. The bill also extends to mobile operating systems, allowing users to easily protect their data across apps, not just websites.

Setting the Standard for National Privacy

If AB 566 passes, California will become the first state to mandate browser support for opt-out preference signals—a landmark move that could influence other states and even federal regulations. Currently, about a dozen states, including California, require businesses to honor these privacy signals, but AB 566 would go a step further, turning the signal into a requirement, not a mere suggestion.

As businesses continue to collect personal data in ways that often leave consumers unaware or powerless, AB 566 offers a practical solution. The bill puts privacy in the hands of consumers, ensuring that their personal data isn’t shared without their consent—without the need for constant vigilance.

By making privacy tools more accessible, AB 566 offers a meaningful way for Californians to take control of their digital lives. With the bill, the hope is clear that when it comes to personal data, consumers should always have the final say.

IT security teams, too, must recognize the broader implications of this bill, as it adds another layer to the growing demand for stringent data protection practices. By facilitating easy opt-out mechanisms for consumers, AB 566 could help mitigate risks tied to data misuse, ensuring compliance and that consumer information is safeguarded and reducing potential vulnerabilities for businesses.

As privacy continues to be a significant concern in today’s digital landscape, AB 566 offers a robust solution to ensure that consumers are empowered while also signaling to businesses the importance of robust privacy practices. In the world of IT security, this bill encourages organizations to enhance transparency and trust by offering simple yet effective tools to comply with consumers' privacy preferences, ultimately benefiting both businesses and the individuals they serve.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.