The California Privacy Protection Agency (CPPA), referred to as “CalPrivacy”, is asking for input—and what comes next could directly impact how your business handles opt-outs and data rights. There are just a few days left for businesses around the U.S. to weigh in on a key California privacy issue that could shape future compliance requirements. Public comments must be submitted to CalPrivacy by April 8, 2026.
This effort is rooted in the California Consumer Privacy Act (CCPA) and its implementing regulations, which require businesses to provide consumers with a range of privacy rights—including the rights to access, delete, correct, and opt out of the sale or sharing of their personal information. The law also requires businesses to honor universal opt-out preference signals as valid requests.
Now, CalPrivacy is evaluating whether those rules are working as intended—and whether they should be updated. Through this invitation for preliminary comments from businesses around the country, the agency is exploring how “friction” shows up in real-world opt-out processes and whether additional or revised regulations are needed.
For ecommerce businesses, this is highly relevant. Opt-out mechanisms and preference signals directly impact website design, tracking technologies, advertising practices, and customer data management. As we’ve covered in our previous posts on California’s universal opt-out signals, the DROP tool, and recent enforcement trends, expectations are not only increasing—they are becoming more specific and more strictly enforced.
While this request is specific to California, its impact is likely to extend well beyond the state. California often sets the direction for privacy regulation nationwide, meaning today’s standards can quickly become tomorrow’s expectations elsewhere—making it important for ecommerce businesses in every state to pay attention and weigh in.
This comment process is a rare opportunity for businesses to help shape what comes next. If your team has dealt with challenges around opt-outs, conflicting technical requirements, or unclear standards, now is the time to provide that input.
Submissions can be emailed by April 8, 2026 to regulations@cppa.ca.gov with the subject line “Preliminary Comments on Reducing Friction and Opt-Out Preference Signals.” The agency has specifically asked for practical examples, implementation challenges, and feedback on how these requirements function in real-world environments. Commenters are encouraged to review this “Tips for Submitting Effective Comments” PDF for help formulating and submitting effective comments.
Email submissions are preferred by they sent by mail to:
California Privacy Protection Agency
Attn: Legal Division – Regulations
400 R St., Suite 350
Sacramento, CA 95811
The bottom line is clear: California is not slowing down on privacy—it’s refining and expanding it. This request for input signals that more detailed rules are likely coming, and that expectations around “frictionless” opt-outs will only increase.For ecommerce businesses, this is both a warning and an opportunity. But the window to influence these rules is closing quickly.Whether you’re an EIA member or not, if you have encountered challenges implementing opt-out processes or preference signals, we strongly encourage you to share your experience with regulators now. Your input can help ensure future rules reflect how ecommerce businesses actually operate—and avoid unintended compliance burdens.
Join the EIA today to help strengthen and shape policies that affect all ecommerce businesses. Together, we can continue to create the future of ecommerce. Subscribe to EIA email updates to stay informed on key developments and their impact on your business.
Ecommerce Innovation Alliance provides members with analysis of litigation and regulatory developments affecting online commerce and digital marketing. This post is for informational purposes only and does not constitute legal advice.
