One week after Delta announced it is expanding a test using artificial intelligence to charge different prices based on customers' personal data—which critics fear could end cheap flights forever—Democratic lawmakers have moved to ban what they consider predatory surveillance pricing.
In a press release, Reps. Greg Casar (D-Texas) and Rashida Tlaib (D-Mich.) announced the Stop AI Price Gouging and Wage Fixing Act. The law directly bans companies from using "surveillance-based" price or wage setting to increase their profit margins.
If passed, the law would allow anyone to sue companies found unfairly using AI, lawmakers explained in what's called a "one-sheet." That could mean charging customers higher prices—based on "how desperate a customer is for a product and the maximum amount a customer is willing to pay"—or paying employees lower wages—based on "their financial status, personal associations, and demographics."
The Federal Communications Commission has approved Skydance's $8 billion acquisition of Paramount, which owns CBS.
But the agency's approval drew fiery dissent from the only Democratic commissioner, Anna Gomez, after requiring written commitments from Skydance that allow the government to influence editorial decisions at CBS. Gomez accused the FCC of "imposing never-before-seen controls over newsroom decisions and editorial judgment, in direct violation of the First Amendment and the law."
Under the agreement, FCC Chairman Brendan Carr explained that Skydance has given assurances that all of the new company’s programming will embody "a diversity of viewpoints from across the political and ideological spectrum." Carr claimed that the requirements were necessary to restore Americans' trust in mainstream media, backing conservatives' claims that media is biased against Trump and appointing an ombudsman for two years to ensure that CBS's reporting "will be fair, unbiased, and fact-based." Any complaints of bias that the ombudsman receives will be reviewed by the president of New Paramount, the FCC confirmed.
Not surprisingly, Congress is pushing back against the Trump administration's proposal to cancel the Space Launch System, the behemoth rocket NASA has developed to propel astronauts back to the Moon.
Spending bills making their way through both houses of Congress reject the White House's plan to wind down the SLS rocket after two more launches, but the text of a draft budget recently released by the House Appropriations Committee suggests an openness to making some major changes to the program.
The next SLS flight, called Artemis II, is scheduled to lift off early next year to send a crew of four astronauts around the far side of the Moon. Artemis III will follow a few years later on a mission to attempt a crew lunar landing at the Moon's south pole. These missions follow Artemis I, a successful unpiloted test flight in 2022.
Activists around the world are calling attention to harassment they’ve faced on Meta’s platforms. More than 90 percent of land and environmental defenders surveyed by Global Witness, a nonprofit organization that also tracks the murders of environmental advocates, reported experiencing some kind of online abuse or harassment connected to their work. Facebook was the most-cited platform, followed by X, WhatsApp, and Instagram.
Global Witness and many of the activists it surveyed are calling on Meta and its peers to do more to address harassment and misinformation on their platforms. Left to fester, they fear that online attacks could fuel real-world risks to activists. Around 75 percent of people surveyed said they believed that online abuse they experienced corresponded to offline harm.
“Those stats really stayed with me. They were so much higher than we expected them to be,” Ava Lee, campaign strategy lead on digital threats at Global Witness, tells The Verge. That’s despite expecting a gloomy outcome based on prior anecdotal accounts. “It has kind of long been known that the experience of climate activists and environmental defenders online is pretty awful,” Lee says.
Left to fester, they fear that online attacks could fuel real-world risks
Global Witness surveyed more than 200 people between November 2024 and March of this year that it was able to reach through the same networks it taps when documenting the killings of land and environmental defenders. It found Meta-owned platforms to be “the most toxic.” Around 62 percent of participants said they encountered abuse on Facebook, 36 percent on WhatsApp, and 26 percent on Instagram.
That probably reflects how popular Meta’s platforms are around the world. Facebook has more than 3 billion active monthly users, more than a third of the global population. But Meta also abandoned its third-party fact-checking program in January, which critics warned could lead to more hate speech and disinformation. Meta moved to a crowdsourced approach to content moderation similar to X, where 37 percent of survey participants reported experiencing abuse.
In May, Meta reported a “small increase in the prevalence of bullying and harassment content” on Facebook as well as “a small increase in the prevalence of violent and graphic content” during the first quarter of 2025.
“That’s sort of the irony as well, of them moving towards this kind of free speech model, which actually we’re seeing that it’s silencing certain voices,” says Hannah Sharpe, a senior campaigner at Global Witness.
Fatrisia Ain leads a local collective of women in Sulawesi, Indonesia, where she says palm oil companies have seized farmers’ lands and contaminated a river local villagers used to be able to rely on for drinking water. Posts on Facebook have accused her of being a communist, a dangerous allegation in her country, she tells The Verge.
Ain says she’s asked Facebook to take down several posts attacking her, without success. “They said it’s not dangerous, so they can’t take it down. It is dangerous. I hope that Meta would understand, in Indonesia, it’s dangerous,” Ain says.
Other posts have accused Ain of trying to defraud farmers and of having an affair with a married man, which she sees as attempts to discredit her that could wind up exposing her to more threats in the real world — which has already been hostile to her activism. “Women who are being the defenders for my own community are more vulnerable than men … more people harass you with so many things,” she says.
Nearly two-thirds of people who responded to the Global Witness survey said that they have feared for their safety, including Ain. She’s been physically targeted at protests against palm oil companies accused of failing to pay farmers, she tells The Verge. During a protest outside of a government office, men grabbed her butt and chest, she says. Now, when she leads protests, older women activists surround her to protect her as a security measure.
In the Global Witness survey, nearly a quarter of respondents said they’d been attacked on the basis of their sex. “There’s evidence of the way that women and women of color in particular in politics experience just vast amounts more hate than any other group,” Lee says. “Again, we’re seeing that play out when it comes to defenders … and the threats of sexual violence, and the impact that that is having on the mental health of lots of these defenders and their ability to feel safe.”
“We encourage people to use tools available on our platforms to help protect against bullying and harassment,” Meta spokesperson Tracy Clayton said in an email to The Verge, adding that the company is reviewing Facebook posts that targeted Ain. Meta also pointed to its “HiddenWords” feature that allows you to filter offensive direct messages and comments on your posts and its “Limits” feature that hides comments on your posts from users that don’t follow you.
Other companies mentioned in the report, including Google, TikTok, and X, did not provide on-the-record responses to inquiries from The Verge. Nor did a palm oil company Ain says has been operating on local farmers’ land without paying them, as they’re supposed to do under a mandated profit-sharing scheme.
Global Witness says there are concrete steps social media companies can take to address harassment on their platforms. That includes dedicating more resources to their content moderation systems, regularly reviewing these systems, and inviting public input on the process. Activists surveyed also reported that they think algorithms that boost polarizing content and the proliferation of bots on platforms make the problem worse.
“There are a number of choices that platforms could make,” Lee says. “Resourcing is a choice, and they could be putting more money into really good content moderation and really good trust and safety [initiatives] to improve things.”
Global Witness plans to put out its next report on the killings of land and environmental defenders in September. Its last such report found that at least 196 people were killed in 2023.
India has ordered the blocking of 25 streaming services — many with millions of viewers and even paying subscribers — for allegedly promoting "obscene" content.
In response to the European Union's incoming regulation of political advertising, Meta said on Friday that it would stop selling and showing political ads in the EU from October 2025.
President Donald Trump unveiled an AI Action Plan and an executive order on "woke AI."
Roy Rochlin/Getty Images for Hill & Valley Forum
Donald Trump issued an executive order mandating that AI used by the government be ideologically neutral.
BI's reporting shows training AI for neutrality often relies on subjective human judgment.
Executives at AI training firms say achieving true neutrality is a big challenge.
President Donald Trump's war on woke has entered the AI chat.
The White House on Wednesday issued an executive order requiring any AI model used by the federal government to be ideologically neutral, nonpartisan, and "truth-seeking."
The order, part of the White House's new AI Action Plan, said AI should not be "woke" or "manipulate responses in favor of ideological dogmas" like diversity, equity, and inclusion. The White House said it would issue guidance within 120 days that will outline exactly how AI makers can show they are unbiased.
Removing bias from AI models is not a simple technical adjustment — or an exact science.
The later stages of AI training rely on the subjective calls of contractors.
This process, known as reinforcement learning from human feedback, is crucial because topics can be ambiguous, disputed, or hard to define cleanly in code.
"We don't define what neutral looks like. That's up to the customer," Rowan Stone, the CEO of data labeling firm Sapien, which works with customers like Amazon and MidJourney, told BI. "Our job is to make sure they know exactly where the data came from and why it looks the way it does."
In some cases, tech companies have recalibrated their chatbots to make their models less woke, more flirty, or more engaging.
They are also already trying to make them more neutral.
BI previously reported that contractors for Meta and Google projects were often told to flag and penalize "preachy" chatbot responses that sounded moralizing or judgmental.
Is 'neutral' the right approach?
Sara Saab, theVP of product at Prolific, an AI and datatraining company, told BI that thinking about AI systems that are perfectly neutral "may be the wrong approach" because "human populations are not perfectly neutral."
Saab added, "We need to start thinking about AI systems as representing us and therefore give them the training and fine-tuning they need to know contextually what the culturally sensitive, appropriate tone and pitch is for any interaction with a human being."
Tech companies must also consider the risk of bias creeping into AI models from the datasets they are trained on.
"Bias will always exist, but the key is whether it's there by accident or by design," said Sapien's Stone. "Most models are trained on data where you don't know who created it or what perspective it came from. That makes it hard to manage, never mind fix."
Big Tech's tinkering with AI models has sometimes led to unpredictable and harmful outcomes
Earlier this month, for example, Elon Musk's xAI rolled back a code update to Grok after the chatbot went on a 16-hour antisemitic rant on the social media platform X.
The bot's new instructions included a directive to "tell it like it is."
Donald Trump vowed to save TikTok before taking office, claiming only he could make a deal to keep the app operational in the US despite national security concerns.
But then, he put Vice President JD Vance in charge of the deal, and after months of negotiations, the US still doesn't seem to have found terms for a sale that the Chinese government is willing to approve. Now, Trump Commerce Secretary Howard Lutnick has confirmed that if China won't approve the latest version of the deal—which could result in a buggy version of TikTok made just for the US—the administration is willing to shut down TikTok. And soon.
On Thursday, Lutnick told CNBC that TikTok would stop operating in the US if China and TikTok owner ByteDance won't sell the app to buyers that Trump lined up, along with control over TikTok's algorithm.
The CEOs of every major artificial intelligence company received letters Wednesday urging them to fight Donald Trump's anti-woke AI order.
Trump's executive order requires any AI company hoping to contract with the federal government to jump through two hoops to win funding. First, they must prove their AI systems are "truth-seeking"—with outputs based on "historical accuracy, scientific inquiry, and objectivity" or else acknowledge when facts are uncertain. Second, they must train AI models to be "neutral," which is vaguely defined as not favoring DEI (diversity, equity, and inclusion), "dogmas," or otherwise being "intentionally encoded" to produce "partisan or ideological judgments" in outputs "unless those judgments are prompted by or otherwise readily accessible to the end user."
Announcing the order in a speech, Trump said that the US winning the AI race depended on removing allegedly liberal biases, proclaiming that "once and for all, we are getting rid of woke."
On Wednesday, the White House released "Winning the Race: America's AI Action Plan," a 25-page document that outlines the Trump administration's strategy to "maintain unquestioned and unchallenged global technological dominance" in AI through deregulation, infrastructure investment, and international partnerships. But critics are already taking aim at the plan, saying it's doing Big Tech a big favor.
Assistant to the President for Science and Technology Michael Kratsios and Special Advisor for AI and Crypto David Sacks crafted the plan, which frames AI development as a race the US must win against global competitors, particularly China.
The document describes AI as the catalyst for "an industrial revolution, an information revolution, and a renaissance—all at once." It calls for removing regulatory barriers that the administration says hamper private sector innovation. The plan explicitly reverses several Biden-era policies, including Executive Order 14110 on AI model safety measures, which President Trump rescinded on his first day in office during his second term.
Sen. Dave McCormick (R-PA) and President Donald Trump during the inaugural Pennsylvania Energy and Innovation Summit at Carnegie Mellon University in Pittsburgh on July 15. | Photo: Bloomberg via Getty Images
At an AI and fossil fuel lovefest in Pittsburgh, Pennsylvania last week, President Donald Trump - flanked by cabinet members and executives from major tech and energy giants like Google and ExxonMobil - said that "the most important man of the day" was Environmental Protection Agency head Lee Zeldin. "He's gonna get you a permit for the largest electric producing plant in the world in about a week, would you say?" Trump said to chuckles in the audience. Later that week, the Trump administration exempted coal-fired power plants, facilities that make chemicals for semiconductor manufacturing, and certain other industrial sites from Biden-era a …
The White House unveiled its long-awaited “AI Action Plan” on Wednesday, and it included a zombie: a resurrected form of the controversial AI law moratorium that died a very public death.
The failed congressional moratorium would have stipulated that no state could regulate artificial intelligence systems for a 10-year period, on pain of being barred from a $500 million AI development fund and potentially losing rural broadband funding. Trump’s new plan has a similar, albeit more vague, provision buried within it. It states that “AI is far too important to smother in bureaucracy at this early stage” and that the government “should not allow AI-related Federal funding to be directed toward states with burdensome AI regulations that waste these funds,” though it should also “not interfere with states’ rights to pass prudent laws that are not unduly restrictive to innovation.”
The White House’s Office of Management and Budget will work with federal agencies that have “AI-related discretionary funding programs to ensure, consistent with applicable law, that they consider a state’s AI regulatory climate when making funding decisions and limit funding if the state’s AI regulatory regimes may hinder the effectiveness of that funding or award.”
Essentially, states that do choose to enforce their own AI regulations may be punished for it on a federal level, under a different sort of AI law moratorium — one with, as described in this plan, no expiration date.
The AI Action Plan also states that the Federal Communications Commission will lead a charge to “evaluate whether state AI regulations interfere with the agency’s ability to carry out its obligations and authorities under the Communications Act of 1934.” No word yet on what the penalties for that will be.
The official White House press release made no mention of the state guidelines. More detail about Trump’s plan — which encourages rapid adoption of AI tech and expansion of AI infrastructure, as well as attempts to root out diversity and climate science in AI systems used by the government — will come in a series of executive orders this week.
The congressional moratorium initially passed the House of Representatives, but it was largely condemned by Democrats and divisive among some Republicans. Some industry activists believed it would prohibit not just new AI regulation, but data privacy, facial recognition, and other tech-related rules in states like Washington and Colorado.
After an intense 24-hour period of lobbying and back-door dealmaking — including 45 rounds of votes — 99 out of 100 senators voted for the moratorium’s exclusion from Trump’s funding bill.
Now, against all odds, the provision may be coming back from the dead.
The Trump administration published its much-anticipated AI Action Plan Wednesday, signaling a sharp shift away from former President Biden’s cautious approach to addressing the risks of AI, and toward a focus on speed, sovereignty, national security, and competing with China.
India's financial crime watchdog filed a complaint against Walmart-backed Myntra, alleging the company violated foreign investment rules by channeling over $191 million through a related-party scheme.
Alligator Alcatraz, Florida's hastily built, $225 million-and-counting immigrant detention facility in the Everglades, is both a de facto concentration camp and a right-wing meme. President Donald Trump's most ardent supporters are willing to excuse - or are in some cases reveling in - allegations of inhumane treatment at the facility: worms in food, floors flooded with fecal water, fluorescent lights left on for 24 hours a day, and no air conditioning at night despite South Florida's relentless humidity.
To them, the whole thing is a big joke, fodder for memes that activate the base even as they turn the majority of Americans off from Tru …
When I launched my first WordPress site, privacy laws were pretty straightforward. You added a privacy policy, maybe updated your terms of service, and moved on.
But things have changed in recent years. States like Utah have introduced strict privacy laws that apply to businesses worldwide, even if you’re not based in the U.S.
Under the Utah Consumer Privacy Act (UCPA), you could face fines of up to $7,500 per violation. And most of the official guidance is written for lawyers, not for WordPress users just trying to stay compliant.
If you’ve been struggling to make sense of what’s required, you’re not alone. I created this guide to help everyday website owners understand how the UCPA works and what steps to take inside WordPress.
I’ve spent a lot of time researching the law, testing plugins, and finding the easiest tools. That way, you can stay focused on growing your business.
Disclaimer: We’re not lawyers. This article is for informational purposes only and does not constitute legal advice. We highly recommend consulting with a qualified legal professional to ensure your business is fully compliant with the UCPA and other privacy regulations.
What is the Utah Consumer Privacy Act (UCPA)?
The Utah Consumer Privacy Act (UCPA) is a privacy law designed to protect the personal information of Utah residents. It tells businesses how they should collect, use, and store personal data.
In this context, personal data means any information that can identify someone, such as names, email addresses, IP addresses, or even device IDs.
The UCPA can affect businesses in many locations, not just those based in Utah or even the United States. If your site handles data from people who live in Utah, then the UCPA may apply to you.
However, it’s important to note that the UCPA doesn’t apply to every WordPress blog or website. Instead, it’s aimed at larger businesses that meet a few specific conditions.
First, you must conduct business in Utah or offer products or services that target Utah residents.
Next, your business must have an annual revenue of $25 million or more.
You’ll also need to meet at least one of the following data processing thresholds:
Control or process the personal data of 100,000 or more Utah consumers.
Get more than 50% of your gross revenue from selling personal data and control or process the data of 25,000 or more Utah consumers.
These requirements are fairly specific, especially compared to some other privacy laws.
However, if your business meets these criteria, then it’s important to make sure you’re following the UCPA.
Why Should WordPress Users Care About UCPA Compliance?
Breaking the UCPA can result in serious fines. If your business violates this law, the Utah Attorney General will start by sending you a written notice. You’ll then have 30 days to fix the issue. This is known as a ‘cure period.’
If you don’t resolve the problem within that window, the Attorney General can begin issuing fines.
You could be fined up to $7,500 for each violation. And every misuse of personal data counts as a separate violation.
These penalties can add up quickly for qualifying businesses. For example, if you mishandle the data of 100 Utah residents, you could face up to $750,000 in penalties.
How UCPA Affects Your WordPress Site
As I’ve already mentioned, the UCPA is a state-level privacy law that gives consumers specific rights over their personal data.
Here are a few key consumer rights that may affect your WordPress website:
The Right to Know: Users can ask for information on the personal data you collect about them. That means you’ll need to clearly explain your data collection practices.
The Right to Correction: Users can request corrections to any inaccurate information.
The Right to Delete: Users can ask you to remove their personal data.
The Right to Data Portability: Users can request a copy of their data in a format that’s easy to access.
The Right to Opt Out of Data Sales: Users can ask you not to sell their personal data.
The Right to Opt Out of Targeted Advertising: Users can opt out of having their data used for personalized ads.
Next, I’ll show you how to meet these UCPA requirements using WordPress tools and best practices.
How to Improve Your UCPA Compliance in WordPress
Navigating UCPA compliance can feel overwhelming at first. But at its core, it’s really about being clear with your audience and giving them control over how you collect and use their personal data.
Let’s get started. You can use the links below to jump to any section:
When it comes to UCPA compliance, the first step is understanding your own data. That means reviewing and recording every piece of personal information your website collects, uses, or stores.
To get started, you should make a list of all the WordPress plugins and external tools that interact with user data. This includes everything from analytics and email marketing tools to form builders and SEO plugins.
Once you’ve built that list, take a closer look at how each one handles user information.
For example, if you’ve created a quote request form, then your form builder might collect personal details like the visitor’s name, company, or job title.
To dig even deeper, ask yourself these questions:
What personal data do I collect? This might include names, email addresses, IP addresses, payment info, or anything else that could identify a user.
Where is this data stored? Is it saved on your server or sent to a third-party tool?
Why am I collecting it? Is it essential for your website to function, or just nice to have?
How long do I keep this data? Do you have a clear retention policy in place?
Am I sharing this data with anyone else? Are you passing it along to service providers, advertisers, or analytics platforms?
This kind of audit can quickly highlight any areas where you may need to update your data practices to stay compliant with the UCPA.
Create a Data Compliance Document
After you complete your data audit, the next step is documenting your findings. This means writing down every action you’ve taken to follow the UCPA, as well as any updates you’ve made to fix issues you discovered.
Creating this document gives you clear proof that you’re committed to protecting your users’ privacy. It’s especially helpful if you’re ever audited or if someone questions your compliance.
As I’ll mention throughout this guide, it’s not enough to quietly follow the UCPA behind the scenes. You also need to show that you’re complying with it.
That’s why you should record all the personal information you’ve collected in your compliance document. For each type of data, make sure to include:
Where the data comes from (for example, forms, plugins, or third-party tools)
Why you’re collecting it (whether it’s essential or optional)
How the data is used, shared, or sold
How long you keep it
Whether it falls under a special category (like sensitive or financial data)
What security steps you’re taking to protect it
Any third-party vendors or contracts involved
This kind of record shows regulators and your users that you’re taking privacy seriously.
As a general rule, it’s smart to do a full data audit at least once per year. It’s also a good idea to review your compliance if you install new plugins, change how you collect data, or make other major updates to your site.
Plus, since laws can change, it’s wise to re-check your compliance whenever the UCPA is updated.
Collect Less Data
Unlike some other privacy laws, the UCPA allows you to collect non-essential personal data, as long as you provide a clear privacy notice and give users the option to opt out.
Still, it’s smart to follow the principle of data minimization. This means only collecting the information you actually need.
Data minimization makes UCPA compliance much easier because:
You have less to search through if someone asks for a copy of their personal data.
You have less to delete if a user requests to be forgotten.
To get started, review the forms and tools on your site. Ask yourself: “Do I really need every detail I’m asking for?”
If the answer is no, it’s best to stop collecting it.
Create a Privacy Policy
A privacy policy is a page that clearly explains what personal data you collect, how you use it, and who you share it with.
Creating a detailed privacy policy is an important part of UCPA compliance because it helps visitors understand how you handle their information. Plus, it directly supports their Right to Know under the law.
Thankfully, WordPress includes a built-in privacy policy generator. You can find it by going to Settings » Privacy in your WordPress dashboard.
Even if you already have a privacy policy, it’s a good idea to update it with information specific to the UCPA. This includes clearly explaining user rights, such as the Right to Know, Right to Delete, and Right to Correction.
Plus, your policy should tell visitors how they can exercise those rights.
For example, you might include a link to a contact form where users can request a copy of their data or ask you to delete it.
Finally, make it a habit to review and update your privacy policy regularly. This helps ensure it reflects your current practices and stays aligned with any future changes to the UCPA.
Add a Cookie Popup
Under the UCPA, cookie consent follows an opt-out model. This means you can use non-essential cookies without asking first, as long as you give users a clear way to opt out.
What counts as non-essential? These include cookies used for analytics, advertising, or user behavior tracking. Anything not required for your site to function is considered non-essential under the UCPA.
Note: It’s important to note that for ‘sensitive data’ (like information about race, religion, health, or precise geolocation), the UCPA requires you to get a user’s permission before you collect it (opt-in).
The good news is that a cookie popup can help you stay compliant with both types of laws.
A clear, user-friendly banner can let visitors know what types of cookies your site uses, what data they collect, and why. It should also offer a simple way to opt out.
While many plugins offer cookie banners, WPConsent is my top pick because it’s easy to use and supports multiple privacy laws, including the UCPA and the PDPL.
We actually use WPConsent on WPBeginner to manage cookie banners and track user consent, and we’ve had a great experience.
💡 Want to learn more about how we use WPConsent on WPBeginner? Be sure to read our in-depth WPConsent review.
💡 Want to learn more about how we use WPConsent on WPBeginner? Then be sure to read our in-depth WPConsent review.
Once it’s active, WPConsent will automatically scan your website and detect all active cookies.
From there, the setup wizard helps you design your cookie banner. You can customize the layout, position, button styles, colors, and even add your logo.
As you make changes, WPConsent shows a live preview so you can see exactly how the banner will appear on your site.
When you’re happy with the design, just save your changes. The cookie banner will start appearing on your WordPress site right away.
Adding a cookie popup is a great first step. But it’s also a good idea to create a dedicated cookie policy that explains how your site uses cookies in more detail.
This helps visitors better understand what kind of personal information your site collects and how it’s used.
In your cookie policy, make sure to:
List all the types of cookies your site uses (such as essential, analytics, or marketing cookies).
Explain what each cookie does—for example, some cookies track website visitors or show personalized ads.
Describe the data each cookie collects, like IP addresses or browsing history.
To build trust, keep your language simple and easy to understand. Try to avoid technical terms or legal jargon whenever possible.
Once your policy is ready, make sure it’s easy to find. For example, you could link to it from your main privacy policy and also inside your cookie banner.
Fortunately, WPConsent can handle this entire process for you.
It can scan your site for cookies, then use that information to generate a cookie policy automatically.
To get started, go to WPConsent » Settings.
Inside the plugin settings, you need to choose the page where you want your cookie policy to appear.
WPConsent will then add the policy to that page automatically.
If you’re already using WPConsent to display a cookie banner, then your visitors can access the policy directly through the popup.
They just need to click the ‘Preferences’ button.
From there, they can select the ‘Cookie Policy’ link to visit the full page.
Here’s an example of what that looks like.
Block Third-Party Scripts
One tricky part of the UCPA is that it also applies to third-party tracking tools like Google Analytics or Facebook Pixel.
Even though third-party tools handle the tracking, you’re legally responsible for how they collect and use visitor data on your site. That means you also need to give users a way to opt out.
A simple way to handle this is by using automatic script blocking. This prevents tracking scripts from running until the visitor gives consent.
This also supports the UCPA’s Right to Know by ensuring users understand what data is being collected before it happens.
Even though the UCPA follows an opt-out model, script blocking goes a step beyond minimum compliance by turning third-party tracking into an opt-in process.
Fortunately, WPConsent makes this easy with a built-in automatic script blocking feature.
It detects and blocks common tools like Google Analytics, Google Ads, and Facebook Pixel, without breaking your site.
Then, as soon as a visitor gives consent, the plugin loads the script immediately without reloading the page.
Track and Log Visitor Consent
Your UCPA data practices might still be questioned. For example, regulators could request an audit, or a customer might ask how their data is being handled.
That’s why it’s important to track and log user consent. This gives you clear, time-stamped proof that you’re honoring each user’s preferences.
WPConsent handles this for you automatically. It logs key details like the user’s IP address, their consent settings, and the exact date and time when they gave consent.
You can view this data anytime by going to WPConsent » Consent Logs in your WordPress dashboard.
If you ever need to share this log with someone—like an auditor or legal advisor—you can export it directly from your site.
Just open the Export tab, choose the date range you need, and click the ‘Export’ button.
WPConsent will generate a CSV file with all the logged consent data, ready for you to share if needed.
Give Users a Way to Opt Out (Do Not Track Form)
The UCPA gives users the right to opt out of the sale or sharing of their personal data. You’re required to provide a clear and easy way for them to do that.
The simplest way to do this is by using WPConsent’s Do Not Track add-on. It lets you create a dedicated opt-out page with just a few clicks.
To get started, go to WPConsent » Do Not Track » Configuration in your WordPress dashboard.
WPConsent will walk you through the steps to install the add-on and create a Do Not Track form.
Once that’s done, visitors can fill out the form to opt out of data sales or sharing.
This gives users a clear, simple way to exercise their rights, and it also improves your site’s user experience.
Plus, WPConsent stores these requests locally in a custom database table on your own site. That means you stay in full control of this sensitive data, without needing to rely on an external platform.
It also records each request automatically, giving you clear proof of compliance if it’s ever needed.
Support the ‘Right to Delete’
The UCPA gives users the right to ask you to delete their personal data.
One of the simplest ways to support this is by adding a data erasure form to your WordPress site. That way, visitors can easily request deletion through a secure form.
This is where WPForms comes in. It’s a drag-and-drop form builder that includes a pre-built Right to Erasure form template.
The template name comes from GDPR, but don’t worry. Many compliance tools use GDPR-style naming, and this form works just as well for UCPA requests.
To use the template, go to WPForms » Add New.
Then, type “Right to Erasure” into the search box.
When the template appears, you need to click ‘Use Template’ to open it in the WPForms editor.
From here, you can customize the form to fit your needs. The left-hand panel shows the available fields, and the right-hand panel shows a live preview.
To update a field, just click on it in the preview. You can then change the label, instructions, or field type in the left-hand panel.
Once you’re happy with the form, click ‘Save’.
To add the form to a page or post, you need to open the editor, add a WPForms block, and choose your saved form from the dropdown list.
After that, go ahead and publish or update the page like you normally would.
🌟 At WPBeginner, we use WPForms across all our websites. It’s reliable, beginner-friendly, and flexible enough to support compliance tasks like this. If you want a full breakdown, check out our detailed WPForms review.
Once your form is live, make sure it’s easy to find. I recommend linking to it from your privacy policy or embedding it directly on that page.
WPForms also includes an entry management system. You can use it to view and filter submissions, which makes it easy to track and respond to deletion requests.
To view entries, go to WPForms » Entries in your dashboard.
Simply find your data erasure form and click it.
You’ll then see all the ‘delete data’ requests you’ve received.
Once someone requests deletion, WordPress has a built-in tool to help.
Just go to Tools » Erase Personal Data in your admin dashboard.
Enter the user’s email or username, and WordPress will handle the removal process.
You can also choose to send a confirmation email once the data has been erased.
Handle Data Access Requests Efficiently
Under the UCPA, visitors have the right to request a copy of all the personal data your website has collected about them.
The good news is that you can support this by adding a dedicated data access form to your site using WPForms.
WPForms includes a ready-made Data Request Form template. It’s designed to collect the information you need to identify users in your records and respond to their requests.
WPForms will automatically log each submission in your dashboard.
To review them, just go to WPForms » Entries.
You can now select your data request form to view all submissions.
Then, when you receive a request, you can export the user’s data using WordPress’s built-in tools.
Go to Tools » Export Personal Data in your admin dashboard.
You can then type in the person’s username or email address to find the correct record.
Then, simply share the .zip file with the person who made the request.
This helps you meet UCPA’s Right to Know requirement in a secure and user-friendly way.
Support the ‘Right to Correction’
Under the UCPA, people can ask you to correct or update their personal data if it’s wrong or incomplete.
This might happen after a user reviews a copy of their data. Or they may contact you directly if their personal details have changed, like a new phone number or address.
The simplest way to handle these requests is by adding a dedicated correction form to your site.
WPForms includes a Personal Information Form template that’s perfect for this. It even has an “Update Existing Record” checkbox to help you identify correction requests.
This template includes useful fields like legal name, nickname, email address, and phone number.
If you need more fields, then you can easily customize the form in WPForms’ drag-and-drop editor.
Once the form is published, make sure that users can find it easily.
I recommend linking to it from your privacy policy or adding it to your site footer.
As requests come in, you can process them manually depending on where the data is stored.
If the information is inside WordPress, you need to go to Users » All Users and click ‘Edit’ for the relevant profile.
Go ahead and update the necessary fields.
Then, scroll down and click ‘Update User’ to save the changes.
If you store data in a third-party tool—like a CRM or email marketing platform—then you just need to log into that tool to update the user’s profile.
UCPA Compliance in WordPress: FAQs
Understanding privacy laws can feel overwhelming at first. If you still have questions about how the UCPA affects your WordPress site, then you’re not alone.
At WPBeginner, we’re here to help you feel confident about compliance. So in this section, I’ll answer some of the most common questions we hear from our readers.
What happens if my WordPress site isn’t UCPA compliant?
If your WordPress site violates the UCPA, you could face fines of up to $7,500 per violation. You might also receive consumer complaints or trigger a regulatory investigation—both of which can damage your business and reputation.
How often should I review my site for UCPA compliance?
Privacy laws can change over time. That’s why it’s a good idea to review your compliance at least once per year, or whenever you update how your site collects or uses data.
Can I use the same compliance tools for UCPA and GDPR?
Yes, a good compliance tool should address multiple privacy regulations. For example, WPConsent can help you comply with the UCPA, GDPR, the Brazilian General Data Protection Law (LGPD), Australia’s Privacy Principles (AAP), and many more international laws.
However, it’s worth noting that every tool is unique. Having said that, it’s important to do your research to ensure you’re meeting the specific rules of each regulation.
Additional Resources for UCPA Compliance
Taking a proactive approach and continuously learning is absolutely essential for maintaining UCPA compliance over the long term. Data privacy laws can evolve over time, and staying informed is crucial for protecting both your website and your audience.
That said, I’ve collected some helpful resources you can use to continue your learning journey and keep your WordPress site compliant:
Following a Pro Publica report that Microsoft was using engineers in China to help maintain cloud computing systems for the U.S. Department of Defense, the company said it’s made changes to ensure this will no longer happen.
When Vultron announced its $22 million funding round earlier this week, the AI startup made sure to highlight a key investor: Craft Ventures, the firm “co-founded by White House AI adviser David Sacks.” The announcement has raised questions about conflicts of interest in the Trump administration, where Sacks serves as both AI and crypto czar […]
Login
