The Impact of Visibility on the Right to Opt-out of Sale under CCPA

The California Consumer Protection Act (CCPA) gives users the right to opt-out of sale of their personal information, but prior work has found that opt-out mechanisms provided under this law result in very low opt-out rates. Privacy signals offer a solution for users who are aware of their rights and are willing to proactively take steps to enable privacy-enhancing tools, but this work findsthat many users are not aware of their rights under CCPA and that current opt-out rates are very low. We therefore explore an alternative approach to enhancing privacy under CCPA: increasing the visibility of opt-out of sale mechanisms. For this purpose, we design and implement CCPA Opt-out Assistant (COA), a browser extension that automatically detects when websites sell personal information and presents users with a visible, standardized banner that links to the opt-out of sale mechanism for the website. We conduct an online user study with 54 participants that finds that these banners significantly increases the rate at which users opt-out of sale of their personal information. Participants also report less difficulty opting-out and more satisfaction with opt-out mechanisms compared to the native mechanisms currently provided by websites. Our results suggest that effective privacy regulation depends on imposing clear, enforceable visibility standards, and that CCPA's requirements for opt-out of sale mechanisms fall short.