This week, Mozilla submitted comments in response to the California Privacy Protection Agency’s Invitation for Preliminary Comments on Proposed Rulemaking Under the California Privacy Rights Act (CPRA).
Mozilla has long been a supporter of data privacy laws that empower people, including the trailblazing California privacy laws, California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). We welcome the opportunity to offer feedback as California considers how to best evolve its privacy protections, and we support the progress made thus far, particularly as federal efforts languish — but there’s more to do.
Our comments this week focused specifically on Global Privacy Control (GPC), a mechanism for people to tell companies to respect their privacy rights through their browser. Once turned on, GPC sends a signal to the websites that people visit, telling them that the person does not want to be tracked and does not want their data to be sold. Mozilla is experimenting with GPC within Firefox and we think it can play an integral role in making a right to opt-out meaningful and easy to use for consumers.
Unfortunately, the enforceability of GPC under CCPA remains ambiguous, with competing interpretations of do-not-sell requirements and with many businesses uncertain about their exact obligations when they receive a signal such as the GPC. The practical impact is that businesses may simply ignore the GPC signal. Mozilla therefore encourages the California AG—and other privacy agencies globally—to expressly require businesses to comply with GPC. Regulators must step in to provide enforcement teeth and to ensure consumers’ choices are honored.
For Mozilla, privacy is not optional. We will continue to work with policymakers and regulators in California and across the globe to advance an Internet that truly treats people’s privacy and security as fundamental.