NJ Universal Opt-Out Requirement Takes Effect
A New Jersey requirement that recognizes universal opt-out mechanisms (UOOMs) becomes enforceable in the state’s comprehensive privacy law on Tuesday.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
“Beginning not later than six months following the effective date of” the New Jersey Data Privacy Act (NJDPA), which was Jan. 15 (see 2501060066), “a controller that processes personal data for purposes of targeted advertising, or the sale of personal data shall allow consumers to exercise the right to opt out of such processing through a user-selected universal opt-out mechanism.” Users may activate UOOMs in web browsers to send a signal that lets them opt out of all websites at once.
“Head over to your IT or website management teammate, bring them a coffee (in person or virtually) and ask if your company websites are configured to recognize a Universal Opt Out Mechanism,” said New Jersey-based privacy attorney Alfred Brunetti of Porzio Bromberg in a LinkedIn post Monday. “Even if [your] business practices don't bring you into scope of the NJDPA, because numerous other state comprehensive data privacy laws require UOOMs to be recognized, your chat with IT on this point could result in [a] quick win.” About a dozen states’ comprehensive privacy laws require companies to honor UOOMs.
Draft regulations for implementing the New Jersey law didn’t specifically mention the Global Privacy Control, a technology recognized as a valid UOOM by the Colorado Privacy Act, noted Brunetti. But the draft rules “contain some helpful technical clarifications around what [New Jersey] would consider a UOOM,” he said (see 2506170037). Comments on the draft are due Aug. 1.