If your business collects personal information from California residents and either sells or shares that data, you are legally required to provide a CCPA opt-out link under the California Consumer Privacy Act (CCPA) and its amendment, the California Privacy Rights Act (CPRA).

What Is a CCPA Opt-Out Link?

A “Do Not Sell or Share My Personal Information” link allows consumers to opt out of the sale or sharing of their personal data. It’s a core requirement of CCPA compliance, especially if your business engages in cross-context behavioral advertising or any activity that may qualify as a sale of personal information.

When Is a CCPA Opt-Out Link Required?

Your business must display a “Do Not Sell or Share My Personal Information” link if:

• You sell or share personal information of California consumers.
• You use personal data for cross-context behavioral advertising (i.e., targeted ads across different websites).
• Your business falls under CCPA’s applicability rules, such as:
  • Annual revenue of $25 million or more.
  • Buying, receiving, or selling the personal data of 100,000+ consumers, households, or devices annually.
  • Earning 50% or more of revenue from selling or sharing personal data.

Where Should the Opt-Out Link Be Placed?

To comply with California privacy law, the “Do Not Sell or Share My Personal Information” link must be:

• Clearly visible on every webpage, typically in the footer,
• Included in your Privacy Policy (CCPA section),
• Present on any page where personal data is collected,
• Accessible on mobile and desktop versions of your site.

Additional CCPA Requirements:

The CPRA introduced new obligations regarding sensitive personal information. If you collect data, such as:

• Financial details,
• Health-related info,
• Precise geolocation,

You must provide a “Limit the Use of Sensitive Personal Information” link. You may also combine it with your main opt-out page.

Other obligations include:

• Honor Global Privacy Control (GPC) signals automatically.
• Ensure opt-out request management systems are in place and functional.

What If You Don’t Sell or Share Data?

If your business does not sell or share personal information:

• You do not need to display the opt-out link.
• But you must clearly state this in your privacy policy to avoid confusion and maintain transparency.

Want to Dive Deeper?

For a more detailed understanding of how to implement opt-out mechanisms under the California Consumer Privacy Act and California Privacy Rights Act, check out our blog:
👉 A Guide to CPRA Opt-Out Strategies For Businesses