The regulations implementing the CCPA require that in-scope businesses must provide two or more designated methods of submitting requests to opt-out, including an interactive form accessible via a clear and conspicuous link titled “Do Not Sell My Personal Information,” on the business’s website or mobile application.
In addition to the “DNSMPI” link noted above, one of the other “acceptable methods” for submitting sale opt-out requests (along with use of a toll-free phone number, a designated email address, and forms submitted in person or via the mail) is user-enabled global privacy controls (“GPC”), such as a browser plug-in or privacy setting, device setting, or other mechanism to “clearly communicate or signal” a consumer’s request to opt-out of the sale of their personal information (“PI”). The effect of a GPC is to provide consumers a mechanism to broadly signal an opt-out request, as opposed to going website-by-website to make individual requests. The CCPA, and the regulations implementing the CCPA, do not, however, mandate that software developers, or developers of website browsers, include a GPC control in their products.
According to the regulations implementing the CCPA, businesses that collect personal information from consumers online must treat user-enabled GPCs as a valid opt-out request for that browser or device, or, if known, for the consumer.] The Office of the California Attorney General has indicated its view that if businesses were to have the discretion to not respond to such a mechanism, it is likely they would ignore or reject a GPC, just as many companies choose not to honor “do not track” signals when not required.
 CCPA Regulations § 999.315(a).
 CCPA Regulations § 999.315(c).