Do Not Sell
Last Updated: May 13, 2021
What is the CCPA Do Not Sell My Personal Information Requirement?
The California Consumer Privacy Act (CCPA) was enacted in June 2018, went into effect in January 2020, and was enforced in July 2020. The purpose of the CCPA is to empower California residents by giving them ownership and control over their personal information.
The law ensures Californians 5 rights:
- The right to Access
- The Right to be Informed – before collection
- The Right to Opt-in or opt-out of marketing, analytics, and other similar activities
- The Right to equal services
- The Right to request deletion
Included in Right #3 is the option to “say no to the sale of personal information”, formally known as 1798.135 (“Do Not Sell”).
How Does the CCPA Do Not Sell Rule Work?
The CCPA Do Not Sell My Personal Information rule gives California residents the right to tell businesses not to sell their personal data.
Do Not Sell My Personal Information Rule Requirements:
- Organizations need a website page called Do Not Sell My Personal Information that allows consumers to opt-out of the sale of their personal information.
- They must make it easily accessible by linking it to their homepage.
- Users must be able to make this request without having to create an account.
- Organizations must respect the consumer’s choices for at least 12 months. After this time the business can ask the consumer to allow the sale of personal information.
While complying with these requirements may seem pretty straightforward, they can present many challenges. For instance, these requirements require websites to know what personal data they’re collecting and selling, knowing what data belongs to which user, and having a solution in place to process any Do Not Sell requests.
What Does “Sell” Include
It’s important to understand what the “Sell” in Do Not Sell My Personal Information includes as it is broadly interpreted and deals with a range of transactions. Be cautious and thorough as the “Sell” definition might include your organization.
According to the CCPA, selling is:
“selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.”
As you can see, the broad range in transactions is very clear. The International Association of Privacy Professionals (IAPP) produced a blog post further explaining “valuable considerations” as all agreements where personal information is exchanged and the transferring entity receives any benefit to which it is not legally entitled.”
Does My Organization Need to Comply with CCPA Do Not Sell?
Firstly, all businesses affected by CCPA need to put in place a process for users to exercise their Do Not Sell My Personal Information right. The CCPA affects companies that collect information from California residents, even those without a physical presence in the state. However, there are some exemptions.
The regulation only affects organizations that either generate over $25 million in revenue, collect information of more than 50,000 California residents a year or derive 50% or more of their annual revenue from selling the personal information of California residents.
Get a Free CCPA Opt-Out Button/Link Builder
CookiePro’s CCPA Opt-Out Solution enables website owners to create a Do Not Sell notice to comply with CCPA opt-out requirements. Leverage CookiePro to create a sleek and actionable “Do Not Sell” link or button for your website that integrates with Google Ads Manager and the IAB CCPA Framework.
Get Started with CookiePro
Create a Cookie Banner with CookiePro
Create a customizable cookie banner and preference center for visitors to provide consent and opt-in or opt-out of certain categories of tracking on your website.Get Now