Privacy & Information Security Law Blog

On October 8, 2025, California Governor Gavin Newsom signed into law the Opt Me Out Act (AB-556) (the “Act”), making it the first such state law to be enacted in the U.S. The Act amends the California Consumer Privacy Act of 2018 (“CCPA”) to require web browsers to provide California consumers with the ability to send a single opt-out preference signal to all businesses with which the consumer interacts through the browser.

The Act is designed to make it easier for Californians to opt out of the sale or sharing of their personal information by using a single opt-out mechanism, as opposed to submitting multiple opt-out requests through individual websites and apps. The Act also requires browser operators to clearly disclose to consumers how the opt-out preference signal works and its intended effect. Notably, the Act provides a safe harbor from liability for browser operators that offer the opt-out preference signal functionality, in cases where a business fails to honor such a signal. The Act authorizes the California Privacy Protection Agency (“CPPA”) to issue implementing regulations.

Tom Kemp, the CPPA’s Executive Director, emphasized in a public statement that the Act is designed to give Californians “control over their personal information without having to jump through countless hoops,” and to “make[] exercising [consumers’] privacy rights at scale as simple as clicking a button in [their] browser.”

The Act will become operative on January 1, 2027.