The “Do Not Sell My Personal Information” notice is a key requirement of the California Privacy Rights Act (CPRA) and its amendment, the California Consumer Privacy Act (CCPA). This notice empowers consumers to opt-out of the sale of their personal information (a DNSMPI link), providing them with greater control over their data.
This article will explore the meaning of this notice, how businesses can comply with it, and the broader implications of data privacy laws in the United States.
The “Do Not Sell My Personal Infomation” notice is one of CCPA’s key requirements.
If your business is selling consumers’ personal information, they must be clearly informed upon their first visit to your website or app. In this way, they can opt-out of the sale, if they wish to.
But what is a “sale” under the CCPA?
This article is a part of our series on CCPA and CCPA compliance. Read also:
👉 California Privacy Laws: What You Need To Know and How To Comply
The “Do Not Sell My Personal Information” notice is designed to inform consumers of their right to opt-out of the sale of their personal data. Under the CCPA and CPRA, a “sale” is broadly defined and includes any exchange of personal information for valuable consideration, not just monetary transactions.
The CCPA’s definition of a sale is expansive, covering any transaction where personal information is exchanged for value, even if no money changes hands. This could include sharing data with third parties in exchange for services, insights, or other benefits.
To comply with the CCPA, businesses must:
CCPA’s definition of sale is quite broad. It doesn’t refer only to the act of exchanging for money, but to every action that could benefit the business, if the user’s personal information is shared. The CCPA calls this valuable consideration.
The concept of sale is so important because it’s the base of the consumer’s right to opt-out: a consumer has the right, at any time, to tell a business which sells their personal information to third parties that they must stop.
You can learn more about this topic here.
The “Do Not Sell My Personal Information” notice is the practical application of the right to opt-out.
As we said, you don’t need to ask consumers to opt-in to start collecting and selling their data (though there are some exceptions), but you do need to provide an easily accessible way to opt-out.
That is the “Do Not Sell My Personal Information” (“DNSMPI“) link.
If a business receives a “Do Not Sell” request from a consumer, it can no longer sell the consumer’s personal information, unless the consumer opts-in again, providing an express authorization.
From their side, businesses may only ask for a consumer’s authorization one more time, and only 12 months after the consumer have opted-out.
Below is an example of our Do Not SellMy Personal Information linked at the footer of Litter.robot.com.
In order to comply with CCPA’s DNSMPI and opt-out requirements, you need to, at a minimum:
iubenda’s set of solutions can help you comply with CCPA, in minutes!
Our Privacy and Cookie Policy Generator allows you to:
With our Privacy Controls and Cookie Solution, you can display a “Do Not Sell My Personal Information” notice and easily manage opt-outs.
More specifically, it allows you to:
The best part? The Privacy Controls and Cookie Solution is completely free for CCPA compliance. Create your DNSMPI notice and link in minutes.
Businesses must inform consumers about their right to opt-out of data sales, provide a clear opt-out mechanism, and comply with opt-out requests.
Examples include websites that prominently display a “Do Not Sell My Personal Information” link and provide a straightforward opt-out form.
Use opt-out mechanisms provided by businesses, adjust privacy settings, and use tools to block data trackers.
It means consumers have the right to prevent businesses from selling or sharing their personal data.
Sharing personal information can expose you to privacy risks, including identity theft and unwanted marketing.
Businesses must provide a notice and opt-out mechanism for consumers and comply with opt-out requests promptly.
Yes, you can opt-out by using the “Do Not Sell My Personal Information” link provided by businesses.
The CPRA expands the CCPA, providing more robust consumer rights and stricter business obligations regarding personal data.
Use the “Do Not Sell My Personal Information” link on websites and follow the instructions to submit your opt-out request.
