Greetings from Portsmouth, New Hampshire!

It may be too early for some, but every October, I start looking back at the past year. I unabashedly enjoy all types of retrospectives, whether it’s an analysis of a past NFL draft or to see if a popular movie of years’ past still holds up to modern standards. But nothing makes me smash a hyperlink like a good “Best of” list. I can’t get enough of all those clickbait listicles recapping the best movies, songs and moments of the past year.

It shouldn’t come as a shock that I’m not getting the same vibe in 2020.

Of all my 31 years existing on this planet we call Earth, 2020 is the one year when I will politely decline any and all lookbacks. My personal “Best of” list would consist of: “Kept my sanity. Didn’t start a podcast. Wore a mask. Had takeout that one time.”

New Year’s Eve can’t come soon enough.

Turning to the world of privacy, three words have been popping up quite a bit recently: “do not sell.”

A third set of proposed modifications to the California Consumer Privacy Act regulations unveiled by the California Department of Justice included a section that provides examples of how businesses that collect personal data offline can provide a notice of a right to opt out of the sale of their data via an offline method. 

This comes after a new initiative was recently launched that takes a direct aim at “Do Not Sell” rights. The Global Privacy Control coalition aims to allow users to opt out of the sale of their personal information within their browser. The initiative has attracted some big names, as The New York Times, The Washington Post, Mozilla and DuckDuckGo have all signed up to support the GPC.

It has caught the eye of California Attorney General Xavier Becerra, who called the GPC “a first step towards a meaningful global privacy control that will make it simple and easy for consumers to exercise their privacy rights online.”

These recent developments, though perhaps modest at this point, continue the push toward giving consumers more avenues to exercise their data rights and puts the ball in the court of the organizations to ensure they are up to the task. 

The definition of a “sale” under the CCPA has been vexing organizations since the law’s early days. As Baker McKenzie’s Amy de La Lama and Brian Hengesbaugh wrote last year: “Companies not only have to undertake careful review of disclosures to identify those that meet the definition of 'sale,' but they will also have to coordinate across technical and business teams to make sure that once a consumer exercises this right, the organization can shut down all flows of that consumer’s data that fall into the category of sale.”

The GPC said in its news release it wants to work with Becerra to have their standard be legally binding under CCPA. If companies haven’t figured out the best way to handle “Do Not Sell” requests, they may want to address those issues soon.