Privacy Under Fire: Major Tech Firms Allegedly Ignore Opt-Out Signals, Violating California Law
A recent audit reveals that several major tech companies, including **Google**, **Microsoft**, and **Meta**, are allegedly bypassing user privacy preferences by placing ad cookies even when users have explicitly opted out of tracking. This practice potentially violates the **California Consumer Privacy Act (CCPA)** and raises serious concerns about data privacy.
## Privacy Under Fire: Major Tech Firms Allegedly Ignore Opt-Out Signals, Violating California Law
New research indicates that several large tech firms are potentially flouting California law by placing advertising cookies in users' browsers even after they've declined to be tracked. The audit, conducted by privacy organization **webXray**, examined California web traffic in March and found widespread disregard for user privacy preferences.
### The Findings
The **webXray** report alleges that 194 online advertising services are ignoring globally standard opt-out signals, specifically the **Global Privacy Control (GPC)**. The **GPC** is designed to automatically signal a user's opt-out preference to websites through a browser extension.
California has previously taken action against companies ignoring **GPC** signals, fining **Sephora** $1.2 million in 2022 and **Disney** $2.75 million in February for similar violations.
### Allegations Against Tech Giants
According to the report, **Google** allegedly ignored opt-out requests 86% of the time. The report includes images purportedly showing **Google's** servers responding to opt-out signals with commands to create advertising cookies.
**Microsoft** reportedly failed to honor opt-out requests 50% of the time, employing a similar method to **Google** by issuing commands to create cookies despite the opt-out signal.
**Meta's** opt-out failure rate was allegedly 69%. The report claims that **Meta's** code lacks checks for global opt-out signals, leading to unconditional loading, tracking events, and cookie placement regardless of user preferences.
### Company Responses
A **Google** spokesperson stated that the report is based on a "fundamental misunderstanding of how our products work," asserting that they honor opt-outs provided by advertisers and publishers as required by law.
A **Microsoft** spokesperson emphasized the company's commitment to consumer privacy, stating that when a **GPC** signal is received, the user is opted out of sharing personal data with third parties for personalized advertising. They also noted that certain cookies are necessary for operational purposes and may be placed even with a **GPC** signal.
A **Meta** spokesperson dismissed the research as a "blatant marketing ploy" that misrepresents how the **Global Privacy Control** setting works and **Meta's** role. They argued that the control setting restricts how data is shared, not collected, and that advertisers are required to obtain the right to share information with **Meta**.
html
<a rel="noopener" href="https://www.recordedfuture.com/?utm_source=therecord&utm_medium=ad"><figure><img src="https://cms.therecord.media/uploads/2025_0514_Record_Ads_970x250_1_d144dbf901.png" data-nimg="1" decoding="async" height="500" width="1000" alt="Recorded Future"></figure></a>