An extensive audit by the Electronic Privacy Information Center (EPIC) reveals that at least 38 major data collectors—including AI firms, defense contractors, and dating apps—employ manipulative opt-out forms that hinder users from reclaiming control over their personal information. Many opt-out processes are buried, confusing, or incomplete, undermining consumer privacy rights.
- Manipulative opt-out forms block true data control
- AI giants and data brokers lack clear, accessible opt-out links
- Safety risks for vulnerable individuals due to data availability
What happened
EPIC researchers audited 38 major companies involved in collecting personal data and found widespread use of deceptive design tactics in their opt-out procedures. These include forms that do not enable complete opting out, hidden or hard-to-find links, multiple-step requests, and some requiring payment or account creation before opting out is possible. Companies such as Google, Meta, OpenAI, and popular data brokers were specifically noted for these shortcomings.
For example, OpenAI’s opt-out form only allows users to request removal of personal information from AI outputs but does not prevent sale or transfer of the underlying data. Similarly, brokers like Spokeo and Whitepages do not offer methods to fully stop data sales and require users to repeatedly check or pay to remove listings. Such practices structurally prevent consumers from effectively protecting their privacy.
Why it matters
The report frames these manipulative opt-out designs as serious privacy threats with real-world safety implications. Data availability through brokers has been linked to harassment and violence, such as the 2025 tragic case where a murderer allegedly used people-search data to locate his victims. Vulnerable populations including domestic violence survivors, public officials, and marginalized groups are particularly at risk from data misuse.
EPIC stresses that opt-out rights are often the only available defense for these individuals to remove sensitive address information before it leads to harm. When companies obscure or fail to fully honor these rights, they undermine consumer protections meant to prevent stalking, harassment, and other abuses facilitated by commercial data.
What to watch next
Regulators at state and federal levels may be compelled to intervene to enforce stronger, clearer opt-out requirements in light of these findings. Several states have expanded opt-out laws beyond California, yet many companies continue to limit opt-out access to California residents only or require burdensome steps, signaling potential compliance gaps.
Emerging scrutiny on AI firms and defense contractors’ data practices will likely increase as consumer advocacy groups push for transparency and fairness. Monitoring how companies adjust their opt-out processes, clarify privacy policies, and comply with multi-state regulations will be critical to assessing whether consumer data rights are being meaningfully protected in the evolving digital landscape.