Freak Pulse

tracking the news, one byte at a time

, ,

·

Websites break California privacy law at ‘industrial scale,’ survey finds

309 words

|

1–2 minutes

Freak Pulse

Websites break California privacy law at ‘industrial scale,’ survey finds

Policy, Legal & Regulatory

Websites break California privacy law at ‘industrial scale,’ survey finds (Themarkup)

Summary: A webXray audit of over 7,000 popular websites from a California IP address found widespread noncompliance with the California Consumer Privacy Act’s Global Privacy Control (GPC) requirement. The report alleges ‘industrial-scale noncompliance,’ with Google, Microsoft, and Meta trackers frequently ignoring or failing to check for the user opt-out signal. The California Privacy Protection Agency has previously levied fines for such violations, and webXray estimates potential penalties in the billions if enforced. The implicated tech companies dispute the findings, citing operational necessities or misunderstandings of their systems.

Websites break California privacy law at ‘industrial scale,’ survey finds
Image via Themarkup

Why it matters: This exposes a critical enforcement gap in a foundational U.S. privacy regime, revealing that statutory consumer rights are being systematically ignored by the ad-tech ecosystem, shifting compliance risk and bargaining power toward regulators and litigants.

Context: The CCPA/CPRA mandates honoring the GPC signal, and the CPPA has begun active enforcement, including a $1.2 million settlement with Sephora in 2022. This audit provides scalable, technical evidence of non-compliance beyond individual complaints.

"The Markup, now a part of CalMatters, uses investigative reporting, data analysis, and software engineering to challenge technology to serve the public good. Sign up for Klaxon, a newsletter that delivers our." — THEMARKUP

Commentary: The technical specificity of the failure modes—not checking for the signal versus ignoring it—suggests non-compliance is a default engineering posture, not an oversight. This creates a direct evidentiary trail for regulator action and class-action litigation under the CCPA’s private right of action. The industry’s defensive posture indicates a strategic calculation that the cost of non-compliance currently outweighs the cost of retrofitting ad-tech infrastructure, a calculus the CPPA’s fine authority is designed to change.

Date: Tue, 21 Apr 2026 08:00:00 -0400
URL: https://themarkup.org/privacy/2026/04/21/websites-break-california-privacy-law-at-industrial-scale-survey-finds
AI Sentiment Score: Negative (83%)
AI Credibility Score: 10.0/10 — High
Scores and text generated by AI analysis of the source article indicated.

Post ID: 90113bc3