When California passed AB 566, the “Opt Me Out” Act, in October 2025, the tech world barely noticed. The law seemed straightforward enough: starting January 2027, browsers must include easy-to-use opt-out signals that let users tell websites not to sell their data. Chrome, Safari, Firefox—those companies would need to add a feature. Simple.
But here’s where it gets interesting. The law defines “browser” as “an interactive software application that is used by consumers to locate, access, and navigate internet websites.” Not “Chrome and similar applications.” Not “software primarily designed for web navigation.” Just any interactive software application that consumers use to navigate the web.
Which raises an uncomfortable question for a lot of companies: is Reddit a browser?
The Front Page of the Internet
Reddit literally calls itself “the front page of the internet.” That’s not just marketing—it’s an accurate description of how millions of people actually use the platform. Users go to Reddit, scroll through curated links from across the web, and click through to articles, videos, and websites they’d never have found otherwise. Reddit is, functionally, a discovery and navigation tool for the internet.
The same is true for LinkedIn, Twitter, Facebook, Pinterest, news aggregator sites like those run by Apple and Google, and dozens of other platforms. They aggregate, curate, and present links. Users spend hours navigating from Reddit to various corners of the web. If you had to describe what someone was doing when they used Reddit, you might say they were “locating, accessing, and navigating internet websites”—the exact language AB 566 uses.
This isn’t some minor edge case. We’re talking about platforms with hundreds of millions of users, potentially facing obligations under a privacy law that was supposed to apply to maybe half a dozen browser companies.
The Legislative Breadcrumbs
What makes this particularly intriguing is that the legislature seems to have left the door open—maybe even deliberately. Early drafts of AB 566 included the word “primarily” in the definition. The draft said a browser was something “primarily used by consumers to access internet websites.” That limiting language didn’t make it into the final version.
Under basic principles of statutory interpretation, when legislators remove qualifying language between drafts, courts assume it was intentional. The legislature knew how to write a narrow definition. They chose not to.
They also chose to focus on actual use rather than design purpose. The statute doesn’t say “designed to locate, access, and navigate” or “whose primary purpose is to navigate.” It says “that is used by consumers to” do these things. That’s a functional test, not a purpose test. And functionally, Reddit is used by consumers to navigate the web.
The Interactive Software Question
But wait—is Reddit really “software”? It’s a website. You access it through a browser. Surely there’s a difference between an application and a website, right?
This is where things get technical, and where the traditional distinction between websites and applications has completely collapsed.
Reddit is what’s known as a Single-Page Application, or SPA. When you visit Reddit in your browser, you’re not just viewing a static webpage. Your browser downloads massive amounts of JavaScript—Reddit’s actual application code—which then executes on your computer.
When you click between subreddits, the page doesn’t reload. Instead, React (the framework Reddit uses) dynamically rewrites the page content on the fly. The application is managing state, handling routing, processing your interactions, and making decisions about what to show you.
This is fundamentally different from how websites worked in the 1990s or early 2000s. Back then, a “website” was a collection of static HTML pages sitting on a server. When you clicked a link, your browser requested a new page, and the server sent it. The website was the content; the browser was the application.
Modern platforms like Reddit work differently. The server sends a minimal HTML shell and a whole lot of JavaScript. That JavaScript is the application, and it runs on your machine. Your CPU executes it. It uses your memory. It stores data locally in your browser’s storage. For all practical purposes, you’ve downloaded and run an application—it just happens to run inside a browser tab rather than as a standalone window.
The industry recognizes this. Companies hire “web application developers,” not “website makers.” Developer job postings talk about building “applications.” When Reddit’s engineering team describes their work, they call it an application.
Progressive web apps like Reddit can even be “installed” to your home screen, complete with an icon and the ability to work partially offline. At that point, the technical difference between the web version and the mobile app version becomes nearly meaningless.
What Compliance Would Mean
If Reddit and similar platforms were deemed “browsers” under AB 566, they’d need to implement an opt-out preference signal—most likely Global Privacy Control, or GPC. GPC is an existing technical standard that allows browsers to automatically tell websites “don’t sell my data.” It’s already legally required in California, Colorado, Connecticut, and New Jersey.
The technical implementation wouldn’t be that difficult. GPC works by sending an HTTP header or setting a JavaScript property. Reddit’s developers could add this functionality.
The real question is the policy implication: suddenly, Reddit would be in the business of broadcasting privacy preferences on behalf of its users, transforming it from a platform that receives privacy requests to one that sends them.
It would have to send the signal.
This isn’t hard BTW. Reddit already has opt-out settings. It already manages user preferences. Adding GPC would just make those preferences universal and automatic—which is precisely what AB 566 is trying to accomplish.
The Enforcement Gap
Here’s what makes this particularly relevant right now: GPC compliance is abysmal. While over 50 million users have browsers that send GPC signals, most websites don’t properly honor them.
The California Attorney General has already secured multi-million dollar settlements against Sephora and Healthline.com for failing to respect GPC signals. If major platforms like Reddit, LinkedIn, Facebook, and Twitter were suddenly required to send GPC signals to every website they linked to, the privacy landscape would change overnight.
Instead of 50 million users sending signals, you’d have hundreds of millions. Websites would be forced to actually implement proper GPC handling or face massive enforcement exposure. This might be exactly what the legislature intended.
The stated purpose of AB 566 is to make privacy rights “meaningful” by making them easy to exercise. What’s easier than having privacy preferences automatically broadcast by every platform you use to navigate the web?
The Legal Arguments
A creative plaintiff’s lawyer could build a strong case here. The textual argument is straightforward: AB 566’s definition is functional, not categorical. It doesn’t list specific products or require particular technical characteristics. It describes what consumers do with the software.
Of course, there are counterarguments. The most obvious is that “browser” has a commonly understood meaning—Chrome, Safari, Firefox—and courts shouldn’t stretch statutory language beyond ordinary understanding. Reddit would argue that it’s a destination, not a navigation tool; a platform, not an application; content, not software.
But these distinctions don’t hold up well under scrutiny. Reddit is both destination and navigation tool. It’s unquestionably a platform, but platforms are applications—Facebook calls itself an application, after all. And as for content versus software, the massive codebase that powers Reddit’s user interface is undeniably software.
What Happens Next
The California Privacy Protection Agency has rulemaking authority under AB 566. They could clarify the definition of “browser” through regulations. But so far, there’s no indication they plan to narrow it. In fact, given the CPPA’s aggressive stance on privacy enforcement, they might welcome a broader interpretation. More likely, we’ll see enforcement actions that test the boundaries.
The CPPA could send investigative letters to companies asking whether they consider themselves browsers under AB 566. Or a consumer advocacy group could file a complaint arguing that Reddit’s failure to implement GPC violates the law. Even without a private right of action, administrative complaints can force regulatory interpretation.
______
This isn’t just a story about Reddit, or even about AB 566. It’s a story about how law struggles to keep up with technology. The words “browser,” “website,” “application,” and “software” all meant specific things when they were coined. But technology has evolved faster than legal definitions.
Reddit in 2025 is nothing like a website from 2005. It’s a sophisticated application platform built on modern frameworks, executing complex code, and facilitating navigation across the broader internet. Whether we call it a “website” or an “application” or a “browser” is almost beside the point. The question is whether the law’s functional description captures what it actually does.
New York force majeure law for vendors and service providers is brutal. Here’s why.
You need a list.
The doctrine will excuse performance under New York law only if the force majeure clause specifically includes the event or occurrence that prevents a party’s performance.
Without a list, the clause is basically a dead letter. This means force majeure clauses formulated like the following are no good if you are the vendor:
Neither party shall be responsible or liable to the other party, or be deemed to have defaulted under or breached this Agreement, for any failure or delay in fulfilling or performing any term or obligation of this Agreement, if and for as long as such failure or delay arises from any cause beyond the reasonable control of that party.
During the pandemic, many businesses in New York with generic clauses like this one struggled to be excused from performance. Courts often ruled that unless the clause specifically mentioned “pandemics,” “epidemics,” or “government-ordered shutdowns,” the general “beyond reasonable control” language was insufficient. Vendors with more specific and detailed clauses fared better.
The list better be good.
As a general matter, under New York law, the clause will never be anything more than the list. Even if the clause is expansive in scope, and includes at the end a catch-all, “anything not previously mentioned still counts,” kind of clause, the list automatically brands the rest. It applies only to events of the same general kind or class as those specifically mentioned.
Even with the event listed, it doesn’t count if the event is foreseeable or within a party’s control.
Foreseeability is a strict requirement, regardless of what the clause says. Similarly, New York law reads into every force majeure provision the requirement that the invoking party did not have control over the force majeure event.
Few things in lived experience are truly unforeseeable, or truly outside one’s control. This sets a high bar for applicability.
Impossibility of performance is required.
Suppliers doubled their prices for inputs? Too bad.
Performance must have been rendered impossible by the event. Mere impracticality or unanticipated difficulty is not enough to excuse performance. Financial hardship (eg, increased prices, even by 100%) will not shield the vendor. New York law in this regard leans heavily on the common law doctrine of impossibility.
Even with the event listed, it doesn’t count if the obligation affected is fundamental.
Delays resulting from a breach of a fundamental obligation of the contract may not be excused, even with a robust clause that lists the specific event that proximately caused non-performance — and even if the event was unforeseeable and beyond one’s control.
This greatly limits the efficacy of force majeure clauses for the vendor or service provider.
California law is better for vendors on force majeure.
California law stands in stark contrast.
A list is not required. The quoted clause above would be effective. Under California law, the clause need not include a specific list of events to be enforceable. It can be broadly defined as “any cause beyond the reasonable control of the affected party,” provided the language of the clause is clear and consistent with the parties’ intent and the circumstances of the contract.
Also not required: proving literal impossibility. Rather, California courts apply the doctrine of commercial impracticability, in which a provider may be excused if the event renders performance unreasonably difficult or expensive such that it would be fundamentally unfair to enforce the contract. For a service provider facing a major supply chain disruption or a sudden, massive cost increase, this standard is much easier to meet than New York’s strict impossibility test.
Foreseeability and control are also handled much differently in California. California courts will qualify a listed event as excusing performance, regardless of whether it was unforeseeable at the time. Moreover, the control standard is more relaxed. California courts apply the “reasonable control” standard, focusing on “good faith” and “reasonable diligence.”
Yet another reason to avoid New York law for clients selling goods, services, content, or IP.
The courts are beginning to grapple with the issue of whether works generated by artificial intelligence, particularly music, art, and prose, can be characterized as derivative of the material on which the AI was trained.
Under US law, a derivative work is
a work based upon one or more preexisting works, such as a translation, musical arrangement, dramatization, fictionalization, motion picture version, sound recording, art reproduction, abridgment, condensation, or any other form in which a work may be recast, transformed, or adapted. A work consisting of editorial revisions, annotations, elaborations, or other modifications which, as a whole, represent an original work of authorship, is a ‘derivative work.’
The creation of derivative works is one of the exclusive rights the law confers on copyright owners. The emergence of sophisticated generative AI models trained on copyrighted material has engendered litigation over whether the models themselves, or their outputs, constitute derivative works of such material.
This litigation is in its early stages. The caselaw that we have seen thus far, and recent scholarly commentary on the topic, seems to cast doubt on whether the derivative works right is infringed by the use of general-purpose generative AI.
For example, in Kadry v Meta Platforms, Inc. (ND Cal 2023), the plaintiffs advancing claims against Meta Platform’s generative AI, LLaMA (an acronym for “Large Language Model Meta AI”), contend that “every output of the LLaMA language models is an infringing derivative work,” and that because users initiate queries of LLaMA, “every output from the LLaMA language models constitutes an act of vicarious copyright infringement.”
The US District Court flatly rejected this theory of liability in granting in part Meta’s motion to dismiss:
The plaintiffs are wrong to say that, because their books were duplicated in full as part of the LLaMA training process, they do not need to allege any similarity between LLaMA outputs and their books to maintain a claim based on derivative infringement. To prevail on a theory that LLaMA’s outputs constitute derivative infringement, the plaintiffs would indeed need to allege and ultimately prove that the outputs “incorporate in some form a portion of” the plaintiffs’ books. Litchfield v. Spielberg, 736 F.2d 1352, 1357 (9th Cir. 1984); see also Andersen v. Stability AI Ltd., No. 23-CV-00201-WHO, 2023 WL 7132064, at *7-8 (N.D. Cal. Oct. 30, 2023) (“[T]he alleged infringer’s derivative work must still bear some similarity to the original work or contain the protected elements of the original work.”); 2 Melville B. Nimmer & David Nimmer, Nimmer on Copyright § 8.09 (Matthew Bender Rev. Ed. 2023) (“Unless enough of the preexisting work is contained in the later work to constitute the latter an infringement of the former, the latter, by definition, is not a derivative work.”); 1 Melville B. Nimmer & David Nimmer, Nimmer on Copyright § 3.01 (Matthew Bender Rev. Ed. 2023) (“A work is not derivative unless it has substantially copied from a prior work.” (emphasis omitted)).
Legal commentary is in accord. See eg, Oren Bracha, Generating Derivatives: AI and Copyright’s Most Troublesome Right, NC J L & Tech (2024) (derivative rights claims against general-purpose generative AI “threaten basic copyright principles of subject matter (what informational elements are within the domain of copyright) and scope (the breadth of the right to exclude with respect to copyrightable subject matter).”)
The thrust of the critique of these cases and commentary is, thus far, limited to the situation of general-purpose AI models being trained on vast quantities of wildly varying material. SeeAnderson v. Stability AI (ND Cal 2023) (Stability AI created and released a “general-purpose” software program called Stable Diffusion and is alleged to have used billions of copies of training images).
The case for caution in applying the derivative works right is compelling. There’s a legitimate fear of prematurely kneecapping technology that has enormous potential.
We shouldn’t lose sight of the easy cases, however. We shouldn’t allow the hard cases to prejudice our ability to call something a duck if it quacks and waddles like a duck.
If an AI model is trained exclusively on, say, the works of Banksy, so that one can, within seconds and with little effort, generate art that immediately evokes Banksy, the model itself is, in all likelihood, either a derivative work of Banksy’s art, or a means for the creation of infringing derivative works. As such, the dissemination of the model would constitute contributory or vicarious infringement.
Likewise, if a user of a generative music AI enters prompts that instruct the model to create a song that sounds exactly like an Oasis song, with the same anthemic vibe, jangling guitar riffs, and a voice indistinguishable from Oasis frontman Liam Gallagher, the end result would be, well, this.
Note that the fair use defense would likely fail in these scenarios, in that there’s nothing transformative occurring here, and the commercial market for the works is undoubtedly impaired. The intention behind the model in the case of the Banksy AI, and the user in the Oasis scenario, is to create a ready substitute of the original. The US Supreme Court’s Warhol decision stands as a near-insurmountable barrier to fair use in this situation.
It stands to reason therefore that the intention of the user and/or the AI developer becomes a paramount consideration. If the intent of the user or the AI developer is to create, or enable the creation of, generated works that are in fact substantially similar to or contain protected elements of the original works, then infringement of the derivative works right becomes much more obvious.
Consequently, the inquiry would be considerably aided if the prompts the user entered to generate the output in question were known and made readily available. An AI prompt is any form of text, information, or coding that communicates to the AI what response is sought. Prompts can be quite elaborate and complex, such that prompt engineers are now in high demand.
Likewise, the weights that the AI developer employed in the training model would bring particular salience to bear on the infringement issue. Weights in the AI context refer to the numerical values that determine the strength and direction of connections between neurons in artificial neural networks. Here’s a simplistic yet illuminating explanation:
Imagine you have a special robot that can learn and do tasks all by itself. To make the robot smart, we give it a brain called a “machine learning model.” The model has little switches called “weights” that help the robot make decisions.
Each weight is like a knob that the robot can turn to change how important different things are. Let’s say the robot is learning to recognize cats and dogs in pictures. It looks at different features like the shape of the ears, the color of the fur, and the size of the nose. The weights decide how much importance the robot gives to each feature.
The copyright significance of weights in AI models is coming into focus. See Hassan Uriostegui, AI-Copyright Weights: A New Frontier in Intellectual Property Law (“Regulating the generative output of AI is important, but recognizing the role of weights in this process could be equally crucial. By examining this concept, we might just be touching the surface of the ‘mind’ of AI, prompting a reassessment of our relationship with these sophisticated systems and the legal frameworks that govern them.”)
Disclosure of this information would go a long way in assisting judicial decision-making in the derivative rights context. If the AI developer utilized weights in a way that does not favor expressive copyrightable content, and if the generative AI user entered prompts that did not attempt to elicit the reproduction of protected expression, whether infringement of the derivatives right has occurred becomes a much easier question.
Granting copyright protection to AI-generated content in exchange for the disclosure of prompts, while establishing that these prompts are not protected by copyright when used with LLMs, could resolve many issues. First, it offers incentives for prompt writers to share their prompts with the public, enhancing our awareness of our own thoughts and desires. Second, users would be free to use the prompts however they wish without restriction. Third, it simplifies oversight for the LLM platforms. Instead of filtering prompts, platforms need only ensure that the outputs are not identical to the copyrighted content initially generated by the copyright owner.
Indeed, the prudent and law-abiding user and developer should want to be able to demonstrate the prompts and weights used in creation so as to be immunized from a derivative infringement claim. As lawyers, we should be advising our clients to document this information so that it can be readily retrieved, and in a form that allows for reproduction of the results of the prompts and weights used.
This may be a hard truth to many of us: “Obtaining an award against a party that fails to appear in an arbitration may prove more costly and time-consuming than appearing in court.”
The backstory is that we represented a plaintiff in a breach action under a contract that called for binding arbitration. Shortly after the defendant filed its responsive pleading denying our allegations and laying out its defense, the defendant laid off all its staff, fired the lawyer representing it in the arbitration, and shut down all business operations. Soon the creditors swooped in and scooped up whatever assets remained.
While this was happening, we contemplated at least exploring the idea of securing an arbitral quasi-default judgment that could be used in any subsequent bankruptcy or other proceeding. However, we soon learned that given the arbitration rules we were operating under, the notion that we could swoop in with a quick default award turned out to be a fantasy. The arbitrator, as it happens, required an evidentiary hearing, affidavits, and briefs that would have cost nearly as much as a mini-trial. We were most decidedly worse off than had we been in state or federal court.
This has led us to ponder whether it’s worth including in standard arbitration clauses language that alters the operation of otherwise-default arbitration rules. The result of our pondering is Redline work product for binding arbitration provisions, intended for insertion after a standard mandatory binding arbitration clause. These new provisions mimic default judgment rules that apply in court.
Lawyers drafting online terms of use/service and privacy policies are well-advised to establish a record that allows the client to demonstrate the existence of such terms and the date they were in effect. Such a record will prove quite handy in future litigation. See, eg, Kinney v. YouTube, LLC (Cal. Ct. App. 2018) (YouTube forced to rely on sworn testimony of engineer responsible for posting YouTube terms of service to prove that plaintiff click-accepted a version of the YouTube terms that included a synthetic one-year statute of limitations).
The Wayback Machine is one way to establish just such a record. Launched in 2001 by the Internet Archive, a nonprofit based in San Francisco, California, the Wayback Machine is a digital archive of the entire Internet. At this site, one can upload or capture a webpage on a specific date and time, and then retrieve it to prove its existence on that date and time. Go here to see a copy of the affidavit that the Internet Archive manager uses for establishing an evidentiary foundation for archived webpages. Courts have upheld the admissibility of such evidence. See United States v. Gasperini (2nd Cir. 2018).
The Wayback Machine should be used, not just for preserving a record of clients’ terms, but for preserving a record of online terms that clients entered into, or of online documents that traditionally signed agreements reference in URLs embedded in the document. In fact, the best practice in this situation would be to create the Wayback Machine entry and email that to the contract counterparty after the deal concludes.
