Data Brokers Hide Opt-Out Pages From Google Search
▼ Summary
– California law requires data brokers to let consumers request data deletion, but many hide these instructions from search engines.
– Over 30 data brokers used code to exclude deletion pages from Google and Bing search results, making them hard to find.
– Of 499 registered brokers, 35 had this code; nine later removed it after being contacted by journalists, while two refused.
– Some companies claimed the code was unintentional or meant to prevent spam, but it still hindered consumer access.
– Even when available, opt-out links were often buried under pop-ups or tiny text, creating additional barriers for users.
Finding ways to opt out of data broker collections just got harder, as many companies deliberately hide these pages from search engines. A recent investigation reveals that over 30 data brokers, which gather and sell personal information, have used technical methods to prevent their opt-out pages from appearing in Google search results. This makes it significantly more difficult for consumers to exercise their rights under California’s privacy laws.
California’s Consumer Privacy Act mandates that data brokers provide clear methods for individuals to request data deletion. However, many companies appear to be skirting the spirit of the law by burying these options. Researchers examined all 499 registered brokers and found that 35 had implemented code instructing search engines to exclude their opt-out pages from indexing. While these pages technically exist, they remain virtually invisible to anyone searching for them.
Privacy advocates argue this tactic undermines consumer rights. “This looks like a deliberate attempt to make the process as opaque as possible,” said Matthew Schwartz, a policy analyst at Consumer Reports. Without easy access to opt-out forms, individuals face unnecessary barriers when trying to control how their data is used.
After being contacted by researchers, several companies took action. Seven agreed to review or remove the blocking code, while two claimed they had already done so independently. Eight of these changes were verified. However, two firms defended the practice, stating they implemented the restrictions to prevent spam. Nearly two dozen others ignored requests for comment, though three quietly removed the code afterward.
Even when opt-out links are present, they’re often buried deep within websites. Some companies tuck them behind cookie consent banners, newsletter pop-ups, or in tiny footnotes, far from prominent navigation menus. For example, Kloudend’s ipapi service initially hid its “Right to Delete” form from search results before correcting what it called an “oversight.”
The findings highlight a broader issue: while regulations exist to protect privacy, enforcement remains inconsistent. Without stricter oversight, companies may continue exploiting technical loopholes to keep consumers in the dark. For now, those seeking to remove their data must navigate a maze of hidden pages and vague instructions, a challenge that shouldn’t exist in the first place.
(Source: Wired)
