Opt Out ControlsCCPA

California CCPA Do Not Sell or Share Implementation

Implement California opt out controls that actually work across websites, apps, and partner pipelines.

Grounded in the California statute, CPPA regulations, and current California enforcement themes.

Back to main artifactReview sources
Author
Sorena AI
Published
Feb 21, 2026
Updated
Feb 21, 2026
Sections
3

Structured answer sets in this page tree.

Primary sources
4

Cited legal and guidance references.

Publication metadata
Sorena AI
Published Feb 21, 2026
Updated Feb 21, 2026
Overview

California opt out implementation is an end to end system. The visible link is only the start. The harder work is how preferences are enforced across adtech, audience exports, customer profiles, and downstream partners.

Section 1

Consumer interface and choice architecture

The interface must be easy to find and must not use manipulative or asymmetrical choice design. The regulations call out patterns that make opting out harder than opting in.

  • Provide a prominent do not sell or share link or a permitted alternative design
  • Make the opt out path symmetrical and no more burdensome than opt in paths
  • Avoid disruptive screens, hidden toggles, or bundled choices
  • Describe the flow clearly in the privacy policy and notice of right to opt out
Section 2

GPC and signal enforcement

The business must treat an opt out preference signal such as GPC as a valid request to opt out of sale or sharing for the browser or device and associated pseudonymous profiles in the contexts the regulations describe.

  • Detect and process the Sec GPC signal or equivalent browser state
  • Apply the preference to browser, device, and linked profiles as required
  • Do not require identity verification to process the opt out signal
  • Propagate the opt out to partners, suppression lists, and audience systems
Section 3

Monitoring and downstream control

A California opt out programme should confirm that suppression reaches every sale or sharing path and that vendors actually comply when the business forwards the request.

  • Run regression tests after tag, SDK, and vendor changes
  • Retain evidence of partner suppression and forwarded requests
  • Watch for reintroduction of sharing through new marketing tools
  • Log defects and remediation so the control improves over time
Recommended next step

Turn California CCPA Do Not Sell or Share Implementation into an operational assessment

Assessment Autopilot can take California CCPA Do Not Sell or Share Implementation from turning this guidance into an operational assessment workflow to a reusable workflow inside Sorena. Teams working on California CCPA can keep owners, evidence, and next steps aligned without copying this guide into separate documents.

Assessment workflow
Open Assessment Autopilot for California CCPA Do Not Sell or Share Implementation

Start from California CCPA Do Not Sell or Share Implementation and turn the guidance into owned tasks, evidence requests, and review checkpoints.

Explore next step
Talk to Sorena
Talk through California CCPA

Review your current process, evidence gaps, and next steps for California CCPA Do Not Sell or Share Implementation.

Explore next step
Primary sources

References and citations

CPPA CCPA updates
cppa.ca.gov
Referenced sections
  • Rulemaking and effective date updates.
CPPA FAQ
cppa.ca.gov
Referenced sections
  • Official California FAQ.
CPPA regulations
cppa.ca.gov
Referenced sections
  • Official California regulations hub.
Related guides

Explore more topics

CCPA Applicability Test | California Scope Test
Test whether a business is in scope under the current California threshold model.
CCPA Checklist | California Privacy Compliance Checklist
Track the California controls that must actually exist in policy, product, and vendor operations.
CCPA Compliance Program | California Operating Model
Build a California privacy programme that survives regulator questions and product change.
CCPA Consumer Rights Workflow | 45 Day Request Handling
Run California rights operations with clear timing, verification, and downstream instructions.
CCPA Deadlines and Compliance Calendar
Use the dates that actually shape California privacy work.
CCPA Enforcement and Penalties | CPPA and AG Exposure Guide
Understand how California enforcement usually starts and what evidence the agency will ask for.
CCPA FAQ | Practical California Privacy Answers
Answer the California privacy questions that usually stall implementation.
CCPA Penalties and Fines | California Exposure Summary
Know the penalty ranges, then work backward to the controls that reduce them.
CCPA Privacy Notices and Disclosures | California Notice Architecture
Design the California notice stack so each disclosure appears in the right place and says the right thing.
CCPA Privacy Policy Template | Required California Disclosures
Write a California privacy policy that actually matches the statute and regulations.
CCPA Requirements | California Control Requirements
Translate California law into control statements that can be implemented, tested, and audited.
CCPA Scope and Thresholds | California Business Threshold Guide
Use the real California threshold tests instead of rough privacy folklore.
CCPA Service Provider and Contractor Contracts
Draft California vendor contracts that work in practice, not only on paper.
CCPA vs CPRA | What the California Amendments Changed
Compare the original CCPA and the CPRA amendments using the deltas that change real implementation work.
CCPA vs GDPR | California and EU Privacy Comparison
Compare California CCPA obligations with the GDPR without assuming the two models are interchangeable.