Skip to content

The CCPA requires businesses that sell personal information to explain that consumers have a right to opt-out of the sale[1] and provide a clear and conspicuous link on their homepage titled “Do Not Sell My Personal Information” that takes the consumer to a mechanism that permits them to exercise their opt-out right.[2] If a business does not sell personal information and affirmatively states that it does not do so in its privacy notice, it is not required to provide a “notice of [the] right to opt-out” or post a “Do Not Sell My Personal Information” link.[3] Nonetheless, some companies voluntarily choose to include the link. While there may be different motivations to include such a link, a primary motivation might be to give the business the flexibility to begin selling personal information in the future – something the CCPA only permits if the business provided consumers the ability to select “Do Not Sell” at the time their information was collected. 

Approximately 8% of companies that state they don’t sell personal information have chosen to voluntarily provide a “Do Not Sell My Personal Information” option to consumers.[4]

[1] Cal. Civ. Code § 1798.120(b) (West 2021).

[2] Cal. Civ. Code § 1798.135(a)(1) (West 2020).

[3] Cal. Code Regs. tit. 11, § 999.306(d)(1) (2021).

[4] Greenberg Traurig LLP reviewed the publicly available privacy notices and practices of 555 companies (the Survey Population). The Survey Population comprises companies that had been ranked within the Fortune 500 at some point in the past five years as well as additional companies selected from industries that are underrepresented in the Fortune 500. While the Survey Population does not fully match the current Fortune 500 as a result of industry consolidation and shifts in company capitalization, we believe that the aggregate statistics rendered from the Survey Population are representative of mature companies. Greenberg Traurig’s latest survey was conducted between September and October 2022.