California "Do Not Sell" Link Requirements
How to implement "Do Not Sell/Share My Personal Information" links to comply with the CCPA/CPRA.
What Does the CCPA/CPRA Require?
The CCPA/CPRA requires a clear, conspicuous link titled "Do Not Sell My Personal Information" (or similar) on your website's homepage and privacy policy.
In addition to "Do Not Sell," the CCPA/CPRA requires a "Do Not Share" link. "Sharing" covers cross-context behavioral advertising, even without a traditional "sale."
What Counts as "Selling" Personal Data?
Under the CCPA/CPRA, a "sale" of personal information typically includes any exchange of personal data for monetary or other valuable consideration. Common examples:
- •Sharing user data with third-party ad networks (Google Ads, Meta Pixel)
- •Selling email lists or customer data to data brokers
- •Using tracking cookies that share behavioral data with third parties
- •Retargeting and cross-site tracking pixels
Note: "Sharing" under the CCPA/CPRA specifically covers cross-context behavioral advertising — even if no money changes hands.
Where to Place the Link
Website footer
The most common placement. The link should be visible on every page.
Privacy policy page
Include the opt-out link or mechanism directly within your privacy policy.
Cookie consent banner
Integrating the opt-out into your cookie banner provides a seamless experience.
How LegalBanner Handles This Automatically
LegalBanner automatically adds "Do Not Sell/Share My Personal Information" functionality to your website:
- ✓Footer link injected automatically when configured for California
- ✓Clicking the link opens the consent preferences panel
- ✓Marketing cookies are blocked immediately on opt-out
- ✓Consent choice is logged with timestamp for compliance records
- ✓GPC signals are honored as an automatic opt-out
Set up CCPA/CPRA compliance in 5 minutes
LegalBanner handles California privacy requirements automatically — cookie banner, opt-out links, and GPC support included.
Frequently Asked Questions
Does the CCPA/CPRA require a "Do Not Sell" link?
Yes. The CCPA/CPRA requires a clear "Do Not Sell My Personal Information" link on your website. This link must be easily accessible, typically in the footer and privacy policy.
What's the difference between "Do Not Sell" and "Do Not Share"?
"Selling" involves exchanging personal data for monetary consideration. "Sharing" covers transferring data for cross-context behavioral advertising, even without a monetary exchange. The CCPA/CPRA requires opt-out links for both.
What happens if I don't provide a "Do Not Sell" link?
Failure to provide a required opt-out link can result in enforcement action by the California Attorney General + California Privacy Protection Agency (CPPA). Penalties can include fines up to $2,500 per unintentional violation, $7,500 per intentional violation. Private right of action for data breaches: $100-$750 per consumer per incident. per violation.
Can I combine "Do Not Sell" and "Do Not Share" into one link?
Yes. Most implementations use a combined link such as "Do Not Sell or Share My Personal Information." This satisfies both requirements and is simpler for users to understand.