Morrison Foerster is an international law firm with lawyers practicing throughout the United States, Asia, and Europe. Click to discover more.

mofo_share_image.jpg

Morrison Foerster

common-default.jpeg

Terms / Notices

Cookies

Privacy Policy

Reporting Hotline

Attorney Advertising

Alumni

  Linkedin

MoFo LinkedIN

  Facebook

MoFo Facebook

YouTube

MoFo Youtube

Morrison Foerster - Footer

How Can We Opt-Out? Let Me Count the Ways: Businesses Must Honor the Global Privacy Control as a Valid CCPA Opt-Out of Sale Request

You have not solved the recaptcha challenge yet or session expired, try again.

Email Disclaimer

Disclaimer

Unsolicited e-mails and information sent to Morrison Foerster will not be considered confidential, may be disclosed to others pursuant to our <a href="https://www.mofo.com/about/privacy-policy.html">Privacy Policy</a>, may not receive a response, and do not create an attorney-client relationship with Morrison Foerster. If you are not already a client of Morrison Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.

Feedback

mofo-logo-2022.svg

People

Capabilities

Resources

About

Culture

Offices

Careers

Stay Connected

An update to California Attorney General (AG) FAQs on the California Consumer Privacy Act of 2018 (CCPA) has garnered a substantial amount of interest. Under a new FAQ—What is the GPC?—the AG explains that the Global Privacy Control (GPC) is

We are Morrison Foerster — a global firm of exceptional credentials. Our clients include some of the largest financial institutions, investment banks, and Fortune 100, technology, and life sciences companies. Our lawyers are committed to achieving innovative and business-minded results for our clients, while preserving the differences that make us stronger.Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Prior results do not guarantee a similar outcome.

About Morrison Foerster

people-default-header-desktop.jpg

people-default-header-mobile.jpg

Default Meta Data

An update to California Attorney General (AG) <a href="https://oag.ca.gov/privacy/ccpa" target="_blank">FAQs</a> on the California Consumer Privacy Act of 2018 (CCPA) has garnered a substantial amount of interest. Under a new FAQ—What is the GPC?—the AG explains that the Global Privacy Control (GPC) is a “stop selling my data switch” that is available on some internet browsers or as a browser extension to help consumers broadly signal their request to opt out of the “sale” of their personal information. It is the last sentence of the FAQ, however, that has readers paying close attention: “Under law, [the GPC] must be honored by covered businesses as a valid consumer request to stop the sale of personal information.”This statement from the AG does not come as a complete surprise. Under the AG’s regulations, covered businesses have to provide consumers with two or more designated methods for submitting opt-out of sale requests. One method must be via an interactive webform, but businesses are permitted to choose from among a variety of second opt-out methods, including a toll-free phone number, a designated email address, a form submitted in person or through the mail, or user-enabled global privacy controls.No matter which second opt-out method a business chooses to provide, however, if that business collects personal information from consumers online, then under the CCPA Regulations it must “treat user-enabled global privacy controls, such as a browser plug-in or privacy setting, device setting, or other mechanism, that communicate or signal the consumer’s choice to opt-out of the sale of their personal information as a valid request . . . for that browser or device, or, if known, for the consumer.” The AG has clarified in its FAQs that the <a href="https://globalprivacycontrol.org/" target="_blank">Global Privacy Control</a> (the “GPC”) qualifies as such a mechanism that businesses must treat as a valid opt-out of sale request.As the AG notes, the GPC is available on some internet browsers, like Mozilla Firefox, DuckDuckGo, and Brave, or as a browser extension. The AG describes the GPC as a way to provide consumers with an option to signal a comprehensive opt-out request, “as opposed to having to make requests on multiple websites on different browsers or devices.” On the operational side, businesses will need to implement the GPC spec on their websites and other services so that they can detect the GPC and respond by opting out the browser or device. The AG’s updated FAQs reflect a growing trend towards providing individuals not only with greater and more comprehensive control over their personal information but also with “ease” of control. This trend is amplified both by public demand and by the advent of privacy laws beyond California’s, such as the newly passed Colorado Privacy Act, which will also require covered entities to respond to a user‑selected universal mechanism to opt out of the sale of personal information, as well as to opt out of targeted advertising.

How Can We Opt-Out? Let Me Count the Ways: Businesses Must Honor the Global Privacy Control as a Valid CCPA Opt-Out of Sale Request

Sign Up

Clients seek out Julie because of her practical advice on cutting-edge issues at the intersection of privacy and consumer protection laws. She provides clients with practical solutions to compliance challenges around a wide variety of both online and offline privacy issues, including tracking, interest-based advertising, geo-targeting and other mobile tracking, personalization, and cross-device tracking. Recognized in The Legal 500 US 2014, 2016, 2019, and 2020 and Chambers USA 2021 for her exceptional legal work, her clients praise her saying, “She is really good at giving practical, targeted advice and taking stock of what the risk profile of the client is, so that the advice is holistic.” (Chambers USA 2021).Julie provides clients with creative and practical advice on meeting the requirements of state and federal privacy laws, including the Federal Trade Commission Act (FTC), the California Consumer Privacy Act (CCPA), Children’s Online Privacy Protection Act (COPPA), and the Family Educational Rights and Privacy Act (FERPA). She crafts guidelines and compliance programs for clients’ collection, use, and disclosure of personal information in diverse contexts and throughout the life cycle of their initiatives, such as for connected products (the Internet of Things) and mobile services. She also drafts privacy and cookies policies, online service terms of use, agreements involving online and offline advertising and marketing practices, and agreements concerning a variety of data uses. In addition, Julie helps clients assess and manage privacy risks, including in connection with mergers, acquisitions, and other strategic transactions.Julie creates compliance programs for clients’ use of a wide variety of channels for communicating with and marketing to consumers, including email, telephone, text message, and fax, both in the United States and around the world. She works with clients to develop their social media strategies and to clear their social media content. She also reviews advertising in both traditional and new media for compliance with applicable laws, including Section 5 of the FTC Act and various FTC rules and guides. In addition, she works with clients to structure, market, and implement their sweepstakes, contests, and other promotions in compliance with applicable laws.As a former FTC staff attorney, Julie regularly defends companies in investigations by the FTC and before data protection authorities around the world.<h4>Representative Experience</h4><ul><li>A company that creates online software used by schools in an FTC investigation of alleged COPPA violations.</li><li>A consumer services company investigated by the Korean data protection authority for alleged privacy violations</li><li>A manufacturer in connection with a challenge of its environmental advertising claims by the FTC </li><li>An advertising services company in an investigation of alleged privacy-related violations of the FTC Act</li><li>An online provider of entertainment services in an FTC investigation of alleged COPPA violations</li><li>A beverage company in an FTC investigation of alleged COPPA violations</li></ul>Before attending law school, Julie was a Peace Corps volunteer in The Gambia, West Africa.

Julie O'Neill

Partner

Mary Race assists clients with a wide range of challenging privacy compliance and data security matters. Her practice focuses on managing privacy risks and helping clients develop and implement comprehensive privacy programs across a variety of industries, including tech, retail, manufacturing, advertising, social media, and communications.Mary is a go-to source of guidance on the California Consumer Privacy Act (CCPA) and other state privacy laws, as well as a thought leader on the complexities of these laws, offering clients practical compliance advice. She also counsels clients on privacy matters worldwide, including advising one of the world’s largest international companies on deploying new technologies in 40+ jurisdictions.Mary works on high-profile M&A transactions for multinational clients, such as Salesforce, the global leader in customer relationship management. She frequently advises cutting-edge startups as well as tech industry and social media giants on the privacy and data security aspects of their platforms, products, and services.Mary has a history of commitment to pro bono service. In law school, she volunteered for Pro Bono Students Canada, with a focus on environmental law and social justice.  She continues her pro bono work at MoFo, where she argued an appeal for a pro bono client before the U.S. Court of Appeals for the District of Columbia Circuit and supports pro bono clients in building out their privacy programs.Following her studies at McGill University’s Faculty of Law, Mary served as a law clerk to the Honorable Justice Louis LeBel of the Supreme Court of Canada. Prior to joining the firm, Mary was a development consultant for Human Rights Watch and taught writing at the University of Southern California.Mary is also an accomplished pianist and organist.