California's "Opt Me Out Act" Makes Browser-Based Opt-Out a Baseline (captaincompliance.com)

California passed AB 566—the Opt Me Out Act—requiring any browser operating in California to provide a native, one-click setting that sends a machine-readable opt-out signal instructing sites not to “sell” or “share” personal information, aligning browser behavior with CCPA/CPRA rights. The law (effective Jan 1, 2027) empowers the California Privacy Protection Agency to issue implementing regulations and clarifies that mobile browsers (e.g., Safari on iOS, Chrome on Android) are in scope while mobile operating systems are not. (The enacted bill number is AB 566, not AB 556 as some reports misstated.) For the AI/ML and adtech ecosystem this raises the baseline volume and fidelity of opt-out signals: controllers must capture, persist, propagate and honor browser-level signals (including UOOM/GPC-style indicators) across adtech, analytics and downstream systems. Engineers and privacy teams should implement preference hierarchies, log timestamps and provenance to reconcile conflicts (e.g., banner consent vs. a UOOM) and default to the privacy-protective outcome when ambiguous. Expect increased machine-readable opt-out events and downstream DSARs; cross-state interactions matter too, since browsers often ship features globally and other states already require honoring universal opt-out mechanisms. Practical workstreams: update consent management, signal ingestion/propagation, storage and audit trails, and monitor forthcoming CPPA technical specs.