What does “Do Not Sell My Personal Information” mean?

What does “Do Not Sell My Personal Information” mean under the CPRA (CCPA amendment)? And how do you create a CCPA DNSMPI link?

In this post, we’ll answer all these questions and more.

The “Do Not Sell My Personal Infomation” notice is one of CCPA’s key requirements.
If your business is selling consumers’ personal information, they must be clearly informed upon their first visit to your website or app. In this way, they can opt-out of the sale, if they wish to.

But what is a “sale” under the CCPA?

What does it mean to “sell” personal information under the CCPA

CCPA’s definition of sale is quite broad. It doesn’t refer only to the act of exchanging for money, but to every action that could benefit the business, if the user’s personal information is shared. The CCPA calls this valuable consideration.

The concept of sale is so important because it’s the base of the consumer’s right to opt-out: a consumer has the right, at any time, to tell a business which sells their personal information to third parties that they must stop.

You can learn more about this topic here.

The “Do Not Sell My Personal Information” notice and link

The “Do Not Sell My Personal Information” notice is the practical application of the right to opt-out.

As we said, you don’t need to ask consumers to opt-in to start collecting and selling their data (though there are some exceptions), but you do need to provide an easily accessible way to opt-out.

That is the “Do Not Sell My Personal Information” (“DNSMPI“) link.

If a business receives a “Do Not Sell” request from a consumer, it can no longer sell the consumer’s personal information, unless the consumer opts-in again, providing an express authorization.
From their side, businesses may only ask for a consumer’s authorization one more time, and only 12 months after the consumer have opted-out.

How to comply with CCPA and “Do Not Sell” requests

In order to comply with CCPA’s DNSMPI and opt-out requirements, you need to, at a minimum:

• Disclose details related to the selling or sharing of personal information in your privacy policy (right to be informed);
• Inform users that their personal information about the sale of their personal data via a notice of sale
• Add a “Do Not Sell My Personal Information” (“DNSMPI“) link within your privacy policy and on your website’s homepage (it’s a good idea to add the link directly to the notice of sale). The link must take the user to a page where they can opt out of the sale.
• Abide by the consumer’s request.

How iubenda can help

iubenda’s set of solutions can help you comply with CCPA, in minutes!

Our Privacy and Cookie Policy Generator allows you to:

• display CCPA related language, disclosures, and instructions as legally required;
• indicate services active on your site which might constitute a sale; and
• automatically update your embedded privacy policy with the CCPA text once activated within the generator.

With our Privacy Controls and Cookie Solution, you can display a “Do Not Sell My Personal Information” notice and easily manage opt-outs.

More specifically, it allows you to:

• display a CCPA notice of collection;
• display a “Do Not Sell My Personal Information” link within the collection notice, and add the link to your site for easy user access;
• align with the CCPA Compliance Framework by IAB (Interactive Advertising Bureau), which establishes a process for publishers and their partners to comply with new regulations regarding the sale of consumer data to technology companies;
• manually block scripts that do not adhere to the IAB CCPA Compliance Framework.

The best part? The Privacy Controls and Cookie Solution is completely free for CCPA compliance. Create your DNSMPI notice and link in minutes.

See also

• CCPA Guide
• How to Apply CCPA Standards for Californian Consumers within the Generator
• CCPA: How to add a notice of collection and a “Do not sell” link