Documentation

Table of Contents

What does “Do Not Sell My Personal Information” mean?

The “Do Not Sell My Personal Information” notice is a key requirement of the California Consumer Privacy Act (CCPA) and its amendment, the California Privacy Rights Act (CPRA). This notice empowers consumers to opt out of the sale of their personal information, providing them with greater control over their data.

This article will explore the meaning of this notice, how businesses can comply with the requirements, and the broader implications of data privacy laws in the United States.

do not sell my personal information

What does “Do Not Sell My Personal Information” mean?

“Do Not Sell My Personal Information” refers to a notice designed to inform consumers of their right to opt out of the sale of their personal data. Under the CCPA and CPRA, a “sale” is broadly defined and includes any exchange of personal information for valuable consideration, not just monetary transactions.

The concept of “selling” personal information under the CCPA

CCPA’s definition of sale is quite broad. It doesn’t refer only to the act of exchanging for money, but to every action that could benefit the business, if the user’s personal information is shared. The CCPA calls this valuable consideration.

The concept of sale is so important because it’s the base of the consumer’s right to opt-out: a consumer has the right, at any time, to tell a business which sells their personal information to third parties that they must stop.

👉 Learn more about this topic here

The “Do Not Sell My Personal Information” notice is the practical application of the right to opt out.

Under CCPA/CPRA, you don’t need to ask consumers to opt-in to start collecting and selling their data (though there are some exceptions), but you do need to provide an easily accessible way to opt-out.

That is the “Do Not Sell My Personal Information” (“DNSMPI“) link.

If a business receives a “Do Not Sell” request from a consumer, it can no longer sell the consumer’s personal information, unless the consumer opts in again, providing an express authorization.

From their side, businesses may only ask for a consumer’s authorization one more time, and only 12 months after the consumer have opted-out.

How to comply with CCPA and “Do Not Sell” requests

If you qualify as a business*, to comply with CCPA’s DNSMPI and opt-out requirements, you need to, at a minimum:

  1. Disclose details related to the selling or sharing of personal information in your privacy policy (right to be informed).
  2. Inform users that their personal information about the sale of their personal data via a notice of sale.
  3. Add a “Do Not Sell My Personal Information” (“DNSMPI“) link within your privacy policy and on your website’s homepage (it’s a good idea to add the link directly to the notice of sale). The link must take the user to a page where they can opt out of the sale.
  4. Abide by the consumer’s request.

Under the CCPA/CPRA, a business is a for-profit organization that meets at least one of the following criteria:

  • It has a gross yearly revenue of over $25 million.
  • It buys, sells, or distributes the personal information of 100,000 or more customers or households each year, either alone or in combination.
  • It obtains 50% or more of its yearly income from selling or sharing personal information about customers.

Do Not Sell My Personal Information Examples

Let’s take a look at real-life examples of a DNSMPI notice.

Here is an example of our Do Not Sell My Personal Information linked at the footer of Litter.robot.com. It is a simple link that redirects users to the request.

On the other hand, the Walt Disney Company website has an entire page dedicated to the Do Not Sell My Personal Information link, where they explain the nature of the request and have a link to the opt-out form.

Do not sell my personal information example - Walt Disney Company

Frequently Asked Questions

What is the requirement for “Do Not Sell or Share My Personal Information”?

Businesses subject to the “Do Not Sell or Share My Personal Information” requirement must inform consumers about the sale or sharing of their personal data through their privacy policy and a specific notice of sale. They are also required to provide a visible “Do Not Sell My Personal Information” link on their website, typically on the homepage and within the privacy policy, which directs users to a page where they can easily opt out. Once a consumer opts out, the business must promptly honor that request and ensure the consumer’s personal information is no longer sold or shared.

Can I opt-out of not selling my personal information?

Yes, you have the right to opt out of the sale of your personal information by using the “Do Not Sell My Personal Information” link that businesses are required to provide. This link is usually found on their website’s homepage or within their privacy policy, allowing you to easily exercise your choice to prevent your data from being sold.

Is “Do Not Share My Personal Information” the same under CPRA?

The CPRA builds upon the CCPA by enhancing consumer protections and imposing stricter rules on how businesses handle personal data. It gives consumers the right not only to opt out of the sale of their personal information but also to limit the sharing of their personal data, providing stronger control over how their information is used and disclosed.

How iubenda can help

iubenda’s set of solutions can help you comply with CCPA in minutes!

Our Privacy and Cookie Policy Generator allows you to:

✅ Display CCPA-related language, disclosures, and instructions as legally required;

✅ Indicate services active on your site which might constitute a sale; and

✅ Automatically update your embedded privacy policy with the CCPA text once activated within the generator.

With our Privacy Controls and Cookie Solution, you can display a “Do Not Sell My Personal Information” notice and easily manage opt-outs

More specifically, it allows you to:

✅ Display a CCPA notice of collection.

✅ Display a “Do Not Sell My Personal Information” link within the collection notice, and add the link to your site for easy user access.

✅ Align with the CCPA Compliance Framework by IAB (Interactive Advertising Bureau), which establishes a process for publishers and their partners to comply with new regulations regarding the sale of consumer data to technology companies;

✅ Block scripts that do not adhere to the IAB CCPA Compliance Framework.

Create your DNSMPI notice and link in minutes

Start now

See also

About us

iubenda

Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.

www.iubenda.com