If your business is subject to comply with the California Consumer Privacy Act (CCPA), you need to add a Do Not Sell My Personal Information button and page to your website.
A Do Not Sell My Personal Information (DNSMPI) page allows consumers to opt out of the sale of personal information collected about them by your business. Under the CCPA, “sale” is defined as the sharing of consumers’ personal information in exchange for compensation.
Learn more about the CCPA Do Not Sell My Personal Information rule, how to create your DNSMPI page, and where to display it.
What Is the CCPA Do Not Sell Rule?
The CCPA Do Not Sell Rule states that a business must:
- Have a page that allows consumers to opt out of the sale of their personal information (i.e., a Do Not Sell My Personal Information page).
- Provide a link or button titled “Do Not Sell My Personal Information” on the business’s website homepage that directs consumers to the DNSMPI page.
- Immediately cease the sale of the requesting consumer’s personal information upon verification of a Do Not Sell request.
- Wait at least 12 months before requesting that a consumer opt back in to the sale of their personal information.
The official CCPA text further states that the appropriate links and pages can be made available to California consumers only. For example, you can have a dedicated homepage for California consumers, on which you provide a Do Not Sell My Personal Information link.
However, this is only lawful if:
the business takes reasonable steps to ensure that California consumers are directed to the homepage for California consumers
In other words, you need to ensure that your California consumers have access to your Do Not Sell My Personal Information button and page.
Creating Your Do Not Sell My Personal Information Page
To create a Do Not Sell My Personal Information page, you can:
- Use an online form building service to create and host your Do Not Sell page.
- Create a new page or form in the backend of your site.
If you’re creating your own CCPA Do Not Sell page, read on for details about what information you need to include.
What to Include in Your Do Not Sell Page
If you’re writing your own Do Not Sell My Personal Information page, you need to include the following two items:
1. Consumer Contact Information
Your DNSMPI form must have fillable fields where the consumer can add their contact details, such as their name and email address.
You need the consumer’s name so you can remove them from selling lists, and you need a method of contacting them in case you need to verify the Do Not Sell request.
Many businesses include a state selection menu on the form to confirm that the consumer making the request is a California resident.
Here’s an example from AT&T’s Do Not Sell My Personal Information page:
2. Action Request
Next on your form, you need a button, selection menu, or checkbox that allows the consumer to verify that they’d like to opt out of the sale of their personal information.
Along with the right to opt out of data sale, consumers are given the right to request access to or deletion of their personal information under the CCPA. You can allow consumers to act on all of these rights via your DNSMPI page.
Check out how Coca Cola’s request form asks the consumer to specify what type of request they’re making:
How to Display Your Do Not Sell Page
The Do Not Sell button on your homepage needs to read:
Do Not Sell My Personal Information
Here’s how Coca Cola displays their Do Not Sell My Personal Information link in their homepage footer:
There are three types of privacy policies from which you can link your Do Not Sell My Personal Information page:
Do Not Sell My Personal Information Page Example
Do Not Sell My Personal Information pages vary from business to business. Let’s check out an example of Hulu’s Do Not Sell page.
After a consumer clicks the Do Not Sell link, they’re taken to this page, which explains the CCPA opt out rights and gives instructions for opting out of sale:
Notice how Hulu asks consumers to make their request directly from their accounts. This eliminates the need to collect contact information, and simplifies the process of verifying a user request.
Upon following the instructions to go to Privacy and Settings > California Privacy Rights > Right to Opt Out, a consumer will get the following page where they can indicate which right they’re acting on:
After clicking Change Status under the Right to Opt Out, a consumer will finally confirm their Do Not Sell request with this page:
Hulu is an example of an extensive Do Not Sell page and process. While they make the consumer go through multiple steps, they save time and effort verifying requests, as the consumer changes their settings directly in their account.
Do Not Sell My Personal Information Button Examples
Do Not Sell My Personal Information buttons (or links) appear on businesses’ website homepages. Here are a few examples of how these buttons look:
Here’s how the LA Times displays their Do Not Sell link in their homepage footer, next to their policy links and copyright notice:
The Walt Disney Company takes a similar approach, placing their Do Not Sell button alongside their policies and terms:
Lastly, the Guardian displays a Do Not Sell My Personal Information button in a popup that appears upon entering the site:
Once the popup is dismissed, a Do Not Sell link can also be found in their website footer.
If your business is subject to comply with the CCPA, create a Do Not Sell My Personal Information page now to avoid fines.
- When answering questions in the builder, select Yes, I wish to be CCPA compliant:
- Paste the code snippet into your website’s footer, and anywhere else on your website where you want a Do Not Sell My Personal Information button to appear.