What does “Do Not Sell My Personal Information” mean?

The “Do Not Sell My Personal Information” notice is a key requirement of the California Privacy Rights Act (CPRA) and its amendment, the California Consumer Privacy Act (CCPA). This notice empowers consumers to opt-out of the sale of their personal information (a DNSMPI link), providing them with greater control over their data.

This article will explore the meaning of this notice, how businesses can comply with it, and the broader implications of data privacy laws in the United States.

Understanding “Do Not Sell My Personal Information”
What does it mean to “sell” personal information under the CCPA
The “Do Not Sell My Personal Information” notice and link
How to comply with CCPA and “Do Not Sell” requests
How iubenda can help
FAQs

The “Do Not Sell My Personal Infomation” notice is one of CCPA’s key requirements.

If your business is selling consumers’ personal information, they must be clearly informed upon their first visit to your website or app. In this way, they can opt-out of the sale, if they wish to.

But what is a “sale” under the CCPA?

🇺🇸

More on CCPA

This article is a part of our series on CCPA and CCPA compliance. Read also:

👉 California Privacy Laws: What You Need To Know and How To Comply

Understanding “Do Not Sell My Personal Information”

The “Do Not Sell My Personal Information” notice is designed to inform consumers of their right to opt-out of the sale of their personal data. Under the CCPA and CPRA, a “sale” is broadly defined and includes any exchange of personal information for valuable consideration, not just monetary transactions.

What constitutes a “sale” under CCPA?

The CCPA’s definition of a sale is expansive, covering any transaction where personal information is exchanged for value, even if no money changes hands. This could include sharing data with third parties in exchange for services, insights, or other benefits.

Requirements for Businesses

To comply with the CCPA, businesses must:

Disclose details about the selling or sharing of personal information in their privacy policies.
Inform users about the sale of their personal data through a notice of sale.
Provide a “Do Not Sell My Personal Information” link on their homepage and within their privacy policy, leading to a page where users can opt-out.
Honor consumer opt-out requests promptly and without seeking re-authorization for at least 12 months.

What does it mean to “sell” personal information under the CCPA

CCPA’s definition of sale is quite broad. It doesn’t refer only to the act of exchanging for money, but to every action that could benefit the business, if the user’s personal information is shared. The CCPA calls this valuable consideration.

The concept of sale is so important because it’s the base of the consumer’s right to opt-out: a consumer has the right, at any time, to tell a business which sells their personal information to third parties that they must stop.

You can learn more about this topic here.

The “Do Not Sell My Personal Information” notice and link

The “Do Not Sell My Personal Information” notice is the practical application of the right to opt-out.

As we said, you don’t need to ask consumers to opt-in to start collecting and selling their data (though there are some exceptions), but you do need to provide an easily accessible way to opt-out.

That is the “Do Not Sell My Personal Information” (“DNSMPI“) link.

If a business receives a “Do Not Sell” request from a consumer, it can no longer sell the consumer’s personal information, unless the consumer opts-in again, providing an express authorization.
From their side, businesses may only ask for a consumer’s authorization one more time, and only 12 months after the consumer have opted-out.

Do Not Sell My Personal Information Example

Below is an example of our Do Not SellMy Personal Information linked at the footer of Litter.robot.com.

How to comply with CCPA and “Do Not Sell” requests

In order to comply with CCPA’s DNSMPI and opt-out requirements, you need to, at a minimum:

Disclose details related to the selling or sharing of personal information in your privacy policy (right to be informed);
Inform users that their personal information about the sale of their personal data via a notice of sale
Add a “Do Not Sell My Personal Information” (“DNSMPI“) link within your privacy policy and on your website’s homepage (it’s a good idea to add the link directly to the notice of sale). The link must take the user to a page where they can opt out of the sale.
Abide by the consumer’s request.

💡 Click here for a full CCPA compliance checklist.

How iubenda can help

iubenda’s set of solutions can help you comply with CCPA, in minutes!

Our Privacy and Cookie Policy Generator allows you to:

display CCPA related language, disclosures, and instructions as legally required;
indicate services active on your site which might constitute a sale; and
automatically update your embedded privacy policy with the CCPA text once activated within the generator.

With our Privacy Controls and Cookie Solution, you can display a “Do Not Sell My Personal Information” notice and easily manage opt-outs.

More specifically, it allows you to:

display a CCPA notice of collection;
display a “Do Not Sell My Personal Information” link within the collection notice, and add the link to your site for easy user access;
align with the CCPA Compliance Framework by IAB (Interactive Advertising Bureau), which establishes a process for publishers and their partners to comply with new regulations regarding the sale of consumer data to technology companies;
manually block scripts that do not adhere to the IAB CCPA Compliance Framework.

The best part? The Privacy Controls and Cookie Solution is completely free for CCPA compliance. Create your DNSMPI notice and link in minutes.

Create your “Do Not Sell My Personal Information” notice

FAQs

What are the rules for “Do Not Sell or Share My Personal Information”?

Businesses must inform consumers about their right to opt-out of data sales, provide a clear opt-out mechanism, and comply with opt-out requests.

Do Not Sell or Share My Personal Information Example?

Examples include websites that prominently display a “Do Not Sell My Personal Information” link and provide a straightforward opt-out form.

How do I protect my information from being sold?

Use opt-out mechanisms provided by businesses, adjust privacy settings, and use tools to block data trackers.

What does “Do Not Sell or Share My Personal Information” mean?

It means consumers have the right to prevent businesses from selling or sharing their personal data.

Why should I not share my personal information?

Sharing personal information can expose you to privacy risks, including identity theft and unwanted marketing.

What is the requirement for “Do Not Sell or Share My Personal Information”?

Businesses must provide a notice and opt-out mechanism for consumers and comply with opt-out requests promptly.

Can I opt-out of not selling my personal information?

Yes, you can opt-out by using the “Do Not Sell My Personal Information” link provided by businesses.

Do Not Share My Personal Information with CPRA?

The CPRA expands the CCPA, providing more robust consumer rights and stricter business obligations regarding personal data.

How do I opt-out of selling personal information?

Use the “Do Not Sell My Personal Information” link on websites and follow the instructions to submit your opt-out request.

Find out your site’s compliance rate. Can you get to 100%?

Streamline your compliance journey

Templates

Legislations

Guides

Integrations

Have a project in mind?

Documentation