Why Big Tech Makes It Hard to Opt Out of Data Collection

A major privacy research organization has uncovered that 38 large tech companies are using design tricks to make it nearly impossible for people to stop their data from being collected, sold, or shared. The study found at least eight different ways that companies create these barriers, all while appearing to follow privacy laws.

The research by the Electronic Privacy Information Center (EPIC) looked at the actual experience of trying to opt out — the technical steps a real person has to go through — rather than just reading what companies say in their privacy policies.

How Companies Block Opt-Outs

The tricks are straightforward. Some companies force you to create an account before you can even ask them to stop using your data. Others require you to pay for a subscription first. Some present fake opt-out buttons that look like they work but do nothing.

OpenAI offers a privacy control page, yet EPIC found it does not actually let you request that your data stop being sold or shared. The same problem shows up across multiple AI companies in the study.

People-search websites like Spokeo and Whitepages are even worse — they provide no opt-out option at all. These sites gather your address, phone number, and other personal details from public records and social media, then sell access to anyone willing to pay a small fee.

Why This Matters Beyond Privacy

The research frames these opt-out failures as a safety issue. EPIC pointed to a specific case: a man named Vance Boelter used people-search brokers to find addresses of people he wanted to harm. When companies make it easy to access someone's location and contact information, they create real danger.

This is not just about inconvenience. Easy access to detailed personal profiles can enable stalking, harassment, and violence.

This Pattern Is Everywhere

The study examined AI companies, data brokers, dating apps, and defense contractors. All of them use similar tricks to discourage opt-outs. The consistency suggests companies learned these tactics from one another rather than discovering them independently.

Defense contractors in the study are particularly concerning because they handle sensitive government and military information alongside commercial data. Their opt-out failures raise questions about security as well as privacy.

What the Law Says and What Actually Happens

Laws like California's Consumer Privacy Act and Europe's General Data Protection Regulation require companies to provide working ways for people to opt out. Yet EPIC's study shows that legal compliance on paper and real-world function are two different things.

The broader context here is something we have seen before. When the European Union passed its cookie law a few years back, companies created technically legal pop-ups and consent screens that made accepting everything simple but made changing your settings deliberately tedious. The same pattern is now playing out with data opt-out forms. Companies follow the letter of the law while ignoring its spirit.

The Technical Obstacles

Companies layer multiple obstacles into the opt-out process. You might need to create a login first, which means handing over more information. You might face a payment wall. You might go through five steps only to receive no clear confirmation that your request went through.

This creates an unfair situation. Companies have databases and automated systems to track your data. You have an unfamiliar website and no clear way to know whether your request actually worked.

What Happens Next

These findings give regulators a clear checklist of tactics to watch for and forbid. Companies that genuinely make opt-outs easy will have an advantage as privacy laws get stricter and people become more aware of their data rights.

For tech teams building privacy features, EPIC's study shows what not to do. The most important lesson is to treat opt-out tools as genuine product features — as important as any other part of the service — rather than as a legal box to check.

The research signals a shift in how privacy gets tested and enforced. Instead of just checking that companies have privacy policies on file, regulators are increasingly testing the actual user experience. As this trend grows, expect more studies like EPIC's to become standard tools for enforcement agencies.