A May 2026 report from the Electronic Privacy Information Center (EPIC) raises serious concerns about the integrity of consumer data privacy controls across the U.S. technology industry. After auditing the opt-out processes of 38 major data-collecting companies spanning AI vendors, data brokers, defense contractors, and dating applications, EPIC researchers identified at least eight categories of manipulative design patterns routinely used to obstruct consumers from exercising their privacy rights.
The obstructions are varied but systematic. Opt-out links are frequently buried in fine print or absent from homepages entirely. Consumers are routed through multiple redundant forms to complete a single request. In some cases, companies require users to create an account or pay for a subscription before a data removal request can even be submitted. Bumble, notably, presents its “Do Not Sell” toggle in a manner visually suggesting it is already enabled, when in fact, clicking it is the action required to opt out.
Major technology firms are not exempt from these findings. Google, Meta, and OpenAI were each cited for failing to provide clear, accessible links to opt-out mechanisms from their homepages or privacy policies.
EPIC’s broader recommendation moves beyond interface reform: the organization calls for regulatory limits on the volume of personal data companies are permitted to collect in the first place. The implication is clear, when opt-out mechanisms are structurally designed to fail, the burden cannot remain solely on the consumer.
;
