On September 9, 2025, California Attorney General Rob Bonta, in coordination with the California Privacy Protection Agency and the Attorneys General of Colorado and Connecticut, announced a joint investigative sweep focused on businesses that fail to honor consumers’ opt-out requests submitted via Global Privacy Control (GPC) signals.

Why This Matters:

This announcement reinforces regulators’ continued focus on Global Privacy Control (GPC) compliance, building on California’s previous enforcement action—the $1.2 million settlement with Sephora for violations related to GPC signals. This coordinated action underscores the growing trend of multi-state privacy enforcement and heightened scrutiny of compliance with automated opt-out mechanisms under state privacy laws, including the California Consumer Privacy Act (CCPA), the Colorado Privacy Act (CPA), and the Connecticut Data Privacy Act (CTDPA).

Key Compliance Requirements:

1. Recognize and honor GPC signals as valid opt-out requests. Have a clear understanding of what online tracking technology is deployed on the websites and what technologies are restricted via opt-out choices.
2. Provide clear guidance regarding opt-outs and GPC signal rights.
3. Where necessary, provide a clear and conspicuous “Do Not Sell or Share My Personal Information” link.
4. Avoid requiring consumers to create an account to exercise opt-out rights.
5. Establish a routine audit process or a website governance committee to ensure that websites comply with relevant regulatory frameworks, including via vendor diligence.

How Nelson Mullins Can Help:

Our Global Privacy & Security  & Privacy Litigation teams can assist with:

1. Conducting compliance assessments for GPC and other opt-out mechanisms.

2. Reviewing and updating privacy policies, notices, and technical configurations.
3. Drafting vendor diligence materials.
4. Providing training and guidance to mitigate enforcement risk.
5. Responding to demands, complaints, and regulatory investigations.

If you have questions or would like to schedule a compliance review, please contact your Nelson Mullins attorney or a member of our Global Privacy & Security team.