The California Attorney General has updated its CCPA FAQs to state that the newly developed Global Privacy Control (“GPC”) “must be honored by covered businesses as a valid consumer request to stop the sale of personal information.”

This change appears to draw on Section 999.315(c) of the CCPA regulations, which states that “[i]f a business collects personal information from consumers online, the business shall treat user-enabled global privacy controls, such as a browser plug-in or privacy setting, device setting, or other mechanism, that communicate or signal the consumer’s choice to opt-out of the sale of their personal information as a valid [opt-out of sale] request . . . .”

This update to the FAQs comes after former Attorney General Xavier Becerra tweeted in January 2021 that the GPC satisfies the legal requirement for “businesses to treat a user-enabled global privacy control as a legally valid consumer request to opt out of the sale of their data.”