---
title: "What should teams do about Sharing and Cross-Context Behavioral Advertising under the California CPRA?"
canonical_url: "https://www.sorena.io/artifacts/us/california-privacy-rights-act/faq/sharing-and-cross-context-behavioral-advertising"
source_url: "https://www.sorena.io/artifacts/us/california-privacy-rights-act/faq/sharing-and-cross-context-behavioral-advertising"
author: "Sorena AI"
description: "California CPRA guidance for Sharing and Cross-Context Behavioral Advertising, with practical decisions, evidence, edge cases, and external source citations."
published_at: "2026-05-09"
updated_at: "2026-05-09"
keywords:
  - "California CPRA"
  - "California Privacy Rights Act"
  - "sharing"
  - "cross-context behavioral advertising"
  - "California privacy compliance"
  - "Sharing and Cross-Context Behavioral Advertising"
  - "Compliance"
  - "Regulatory guidance"
---
**[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform

[Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io)

---

# What should teams do about Sharing and Cross-Context Behavioral Advertising under the California CPRA?

California CPRA guidance for Sharing and Cross-Context Behavioral Advertising, with practical decisions, evidence, edge cases, and external source citations.

*Artifact Guide* *California* *Sharing and Cross-Context Behavioral Advertising*

## California CPRA Sharing and Cross-Context Behavioral Advertising

Sharing and Cross-Context Behavioral Advertising decisions under the California CPRA should be written in operational language: who is in scope, what must happen, what evidence proves it, and when escalation is needed.

This page offers practical steps for implementation planning. Confirm legal and policy assumptions before implementation.

Under the California CPRA, 'sharing' means communicating personal information to a third party for cross-context behavioral advertising, and 'cross-context behavioral advertising' means targeting ads based on a consumer's activity across businesses, websites, apps, or services. This page explains when a business is in scope, what opt-out rights and notices apply, and how teams should document the decision.

## What should teams do about Sharing and Cross-Context Behavioral Advertising under the California CPRA?

Teams should first decide whether the business is 'sharing' personal information for cross-context behavioral advertising or otherwise selling or disclosing it in a way that triggers CPRA notice and opt-out duties. If the business shares personal information with third parties for cross-context behavioral advertising, it must provide the required opt-out path, notices, and supporting controls.

In practice, confirm the data flow, the third party's role, the consumer choice mechanism, and whether the page or workflow must honor an opt-out preference signal before launch.

- Write the Sharing and Cross-Context Behavioral Advertising decision in one sentence before drafting controls.
- Attach the external source URL and a short source quote to the evidence record.
- Route unclear cases to legal, privacy, security, or compliance review before launch.

Sources for this answer:

- [California Civil Code section 1798.185](https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=CIV&sectionNum=1798.185.&ref=sorena.io) - Official California statutory source for opt-out preference signals, sale or sharing opt-outs, and cross-context behavioral advertising rulemaking authority.
- [California Consumer Privacy Act Regulations (March 2023)](https://cppa.ca.gov/regulations/consumer_privacy_act.html?ref=sorena.io) - Official CPPA regulations source for operational opt-out, sale, sharing, and consumer-right implementation requirements.
- [California Privacy Protection Agency FAQ](https://cppa.ca.gov/faq.html?ref=sorena.io) - CPPA FAQ source for consumer privacy rights, including sale or sharing opt-out context under California privacy law.

## What evidence should teams keep for Sharing and Cross-Context Behavioral Advertising under the California CPRA?

Useful evidence is not just a privacy policy. Keep the source, threshold notes, request logs, GPC test evidence, notice screenshots, vendor terms, retention logic, and approval trail together.

- Source URL and quote used for the decision.
- Scope notes, screenshots, data-flow or system references, and role mapping.
- Implementation ticket, approval record, exception notes, and review date.

Sources for this answer:

- [California Consumer Privacy Act Regulations (March 2023)](https://cppa.ca.gov/regulations/consumer_privacy_act.html?ref=sorena.io) - Official CPPA regulations source for operational opt-out, sale, sharing, and consumer-right implementation requirements.
- [California Privacy Protection Agency FAQ](https://cppa.ca.gov/faq.html?ref=sorena.io) - CPPA FAQ source for consumer privacy rights, including sale or sharing opt-out context under California privacy law.
- [Privacy Framework](https://www.nist.gov/privacy-framework/resource-repository/browse/crosswalks?ref=sorena.io) - Non-legal privacy-framework reference for evidence organization and privacy-control documentation patterns.

## Which mistakes create risk when handling Sharing and Cross-Context Behavioral Advertising under the California CPRA?

The common failure pattern is treating every California privacy issue as a generic CCPA notice update instead of checking CPRA amendments, sharing, sensitive data, GPC, and phased CPPA rulemaking.

- Using an old threshold, deadline, source page, or contract template without checking current source text.
- Treating a source-linked exception as a general exemption for every product or data flow.
- Publishing notices, controls, or answers that do not match the actual product behavior.

Sources for this answer:

- [California Civil Code section 1798.185](https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=CIV&sectionNum=1798.185.&ref=sorena.io) - Official California statutory source for opt-out preference signals, sale or sharing opt-outs, and cross-context behavioral advertising rulemaking authority.
- [California Consumer Privacy Act Regulations (March 2023)](https://cppa.ca.gov/regulations/consumer_privacy_act.html?ref=sorena.io) - Official CPPA regulations source for operational opt-out, sale, sharing, and consumer-right implementation requirements.
- [California Privacy Protection Agency FAQ](https://cppa.ca.gov/faq.html?ref=sorena.io) - CPPA FAQ source for consumer privacy rights, including sale or sharing opt-out context under California privacy law.
- [Privacy Framework](https://www.nist.gov/privacy-framework/resource-repository/browse/crosswalks?ref=sorena.io) - Non-legal privacy-framework reference for evidence organization and privacy-control documentation patterns.

## Primary sources

- [California Civil Code section 1798.185](https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=CIV&sectionNum=1798.185.&ref=sorena.io) - Official California statutory source for opt-out preference signals, sale or sharing opt-outs, and cross-context behavioral advertising rulemaking authority.
  - Quote: "Global opt out from sale and sharing of personal information"
- [California Consumer Privacy Act Regulations (March 2023)](https://cppa.ca.gov/regulations/consumer_privacy_act.html?ref=sorena.io) - Official CPPA regulations source for operational opt-out, sale, sharing, and consumer-right implementation requirements.
  - Quote: "On March 29, 2023, the Office of Administrative Law approved the California Privacy Protection Agency's regulations and filed"
- [California Privacy Protection Agency FAQ](https://cppa.ca.gov/faq.html?ref=sorena.io) - CPPA FAQ source for consumer privacy rights, including sale or sharing opt-out context under California privacy law.
  - Quote: "The CPRA amended the CCPA by adding additional consumer privacy rights and obligations for businesses"
- [Privacy Framework](https://www.nist.gov/privacy-framework/resource-repository/browse/crosswalks?ref=sorena.io) - Non-legal privacy-framework reference for evidence organization and privacy-control documentation patterns.
  - Quote: "Organizations should not assume implementation of these Privacy Framework activities or outcomes means that they have met the"
- [CPPA proposed CCPA regulations](https://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/ccpa-proposed-regs.pdf?ref=sorena.io) - Official or supporting source for California CPRA sharing and cross-context behavioral advertising implementation evidence.
  - Quote: "(c) Illustrative examples follow: 1"

## Topic Guides

- [California CPRA Checklist](/artifacts/us/california-privacy-rights-act/checklist.md): Practical guidance for the California CPRA checklist, with practical decisions, evidence, edge cases, and external source citations.
- [California CPRA FAQ](/artifacts/us/california-privacy-rights-act/faq.md): Practical California CPRA FAQ guidance with implementation decisions, evidence, edge cases, and official California source citations.
- [California CPRA penalties and fines Guide](/artifacts/us/california-privacy-rights-act/penalties-and-fines.md): US CPRA guidance for penalties and fines, with practical decisions, evidence, edge cases, and external source citations.
- [California CPRA Requirements Guide](/artifacts/us/california-privacy-rights-act/requirements.md): Practical guidance for California CPRA requirements, with practical decisions, evidence, edge cases, and external source citations.
- [California CPRA Risk Assessments, Cybersecurity Audits, and ADMT Guide](/artifacts/us/california-privacy-rights-act/risk-assessments-cybersecurity-audits-and-admt.md): California CPRA guidance for risk assessments, cybersecurity audits, and ADMT, with practical decisions, evidence, edge cases, and external source citations.
- [California Data Broker Deletion Workflow Guide](/artifacts/us/california-privacy-rights-act/data-broker-deletion-workflow.md): California Delete Act and CPRA-adjacent guidance for data broker deletion workflows, with practical decisions, evidence, edge cases, and official citations.
- [California Data Broker Registry and DROP Guide](/artifacts/us/california-privacy-rights-act/data-broker-registry-and-drop.md): California Delete Act guide to the Data Broker Registry and DROP, with practical decisions, evidence, edge cases, and official source citations.
- [California Delete Act data broker registry and DROP guide](/artifacts/us/california-privacy-rights-act/faq/data-broker-registry-and-drop.md): California Delete Act guidance for the data broker registry and Delete Request and Opt-Out Platform (DROP), with owners, evidence, and official sources.
- [CPRA enforcement advisories: CPPA investigations, fines, and risk mitigation](/artifacts/us/california-privacy-rights-act/faq/enforcement-advisories.md): US CPRA guidance for Enforcement Advisories, with practical decisions, evidence, edge cases, and external source citations.
- [CPRA Global Privacy Control (GPC): opt-out requirements and enforcement FAQ](/artifacts/us/california-privacy-rights-act/faq/gpc.md): US CPRA guidance for GPC, with practical decisions, evidence, edge cases, and external source citations.
- [US CPRA Applicability Test Guide](/artifacts/us/california-privacy-rights-act/applicability-test.md): Practical guidance for the US CPRA applicability test, with practical decisions, evidence, edge cases, and external source citations.
- [US CPRA CCPA vs CPRA Guide](/artifacts/us/california-privacy-rights-act/ccpa-vs-cpra.md): US CPRA guidance for CCPA vs CPRA, with practical decisions, evidence, edge cases, and external source citations.
- [US CPRA Compliance Guide](/artifacts/us/california-privacy-rights-act/compliance.md): Practical guidance for the US CPRA compliance, with practical decisions, evidence, edge cases, and external source citations.
- [US CPRA Consumer Rights Workflow Guide](/artifacts/us/california-privacy-rights-act/consumer-rights-workflow.md): US CPRA guidance for Consumer Rights Workflow, with practical decisions, evidence, edge cases, and external source citations.
- [US CPRA Contract Terms Guide](/artifacts/us/california-privacy-rights-act/contract-terms.md): US CPRA guidance for Contract Terms, with practical decisions, evidence, edge cases, and external source citations.
- [US CPRA Contracts Contractors And Service Providers Guide](/artifacts/us/california-privacy-rights-act/contracts-contractors-and-service-providers.md): US CPRA guidance for Contracts Contractors And Service Providers, with practical decisions, evidence, edge cases, and external source citations.
- [US CPRA Correction Rights Guide](/artifacts/us/california-privacy-rights-act/correction-rights.md): US CPRA guidance for Correction Rights, with practical decisions, evidence, edge cases, and external source citations.
- [US CPRA Cppa Regulations Tracker Guide](/artifacts/us/california-privacy-rights-act/cppa-regulations-tracker.md): US CPRA guidance for Cppa Regulations Tracker, with practical decisions, evidence, edge cases, and external source citations.
- [US CPRA Cyber Audit Readiness Workflow Guide](/artifacts/us/california-privacy-rights-act/cyber-audit-readiness-workflow.md): US CPRA guidance for Cyber Audit Readiness Workflow, with practical decisions, evidence, edge cases, and external source citations.
- [US CPRA Deadlines and Compliance Calendar Guide](/artifacts/us/california-privacy-rights-act/deadlines-and-compliance-calendar.md): US CPRA guidance for Deadlines and Compliance Calendar, with practical decisions, evidence, edge cases, and external source citations.
- [US CPRA DSAR And Correction Workflow Guide](/artifacts/us/california-privacy-rights-act/dsar-and-correction-workflow.md): US CPRA guidance for DSAR And Correction Workflow, with practical decisions, evidence, edge cases, and external source citations.
- [US CPRA GPC Handling Guide](/artifacts/us/california-privacy-rights-act/gpc-handling.md): US CPRA guidance for GPC Handling, with practical decisions, evidence, edge cases, and external source citations.
- [US CPRA GPC Handling Workflow Guide](/artifacts/us/california-privacy-rights-act/gpc-handling-workflow.md): US CPRA guidance for GPC Handling Workflow, with practical decisions, evidence, edge cases, and external source citations.
- [US CPRA Retention Guide](/artifacts/us/california-privacy-rights-act/retention.md): US CPRA guidance for Retention, with practical decisions, evidence, edge cases, and external source citations.
- [US CPRA Risk Assessment Intake Workflow Guide](/artifacts/us/california-privacy-rights-act/risk-assessment-intake-workflow.md): US CPRA guidance for Risk Assessment Intake Workflow, with practical decisions, evidence, edge cases, and external source citations.
- [US CPRA Risk Assessment Template Guide](/artifacts/us/california-privacy-rights-act/cpra-risk-assessment-template.md): US CPRA guidance for CPRA Risk Assessment Template, with practical decisions, evidence, edge cases, and external source citations.
- [US CPRA Risk Assessments And Cybersecurity Audits Guide](/artifacts/us/california-privacy-rights-act/risk-assessments-and-cybersecurity-audits.md): US CPRA guidance for Risk Assessments And Cybersecurity Audits, with practical decisions, evidence, edge cases, and external source citations.
- [US CPRA Sensitive Personal Information Guide](/artifacts/us/california-privacy-rights-act/sensitive-personal-information.md): US CPRA guidance for Sensitive Personal Information, with practical decisions, evidence, edge cases, and external source citations.
- [US CPRA Sensitive Personal Information Limits Guide](/artifacts/us/california-privacy-rights-act/sensitive-personal-information-limits.md): US CPRA guidance for Sensitive Personal Information Limits, with practical decisions, evidence, edge cases, and external source citations.
- [US CPRA Sharing and Cross-Context Behavioral Advertising Guide](/artifacts/us/california-privacy-rights-act/sharing-and-cross-context-behavioral-advertising.md): US CPRA guidance for Sharing and Cross-Context Behavioral Advertising, with practical decisions, evidence, edge cases, and external source citations.
- [US CPRA vs Colorado Privacy Act Guide](/artifacts/us/california-privacy-rights-act/cpra-vs-colorado-privacy-act.md): US CPRA guidance for CPRA vs Colorado Privacy Act, with practical decisions, evidence, edge cases, and external source citations.
- [US CPRA vs Virginia Vcdpa Guide](/artifacts/us/california-privacy-rights-act/cpra-vs-virginia-vcdpa.md): US CPRA guidance for CPRA vs Virginia Vcdpa, with practical decisions, evidence, edge cases, and external source citations.
- [What should teams do about ADMT under the US CPRA?](/artifacts/us/california-privacy-rights-act/faq/admt.md): US CPRA guidance for ADMT, with practical decisions, evidence, edge cases, and external source citations.
- [What should teams do about Contract Terms under the US CPRA?](/artifacts/us/california-privacy-rights-act/faq/contract-terms.md): US CPRA guidance for Contract Terms, with practical decisions, evidence, edge cases, and external source citations.
- [What should teams do about Correction Rights under the US CPRA?](/artifacts/us/california-privacy-rights-act/faq/correction-rights.md): US CPRA guidance for Correction Rights, with practical decisions, evidence, edge cases, and external source citations.
- [What should teams do about Cybersecurity Audits under the US CPRA?](/artifacts/us/california-privacy-rights-act/faq/cybersecurity-audits.md): US CPRA guidance for Cybersecurity Audits, with practical decisions, evidence, edge cases, and external source citations.
- [What should teams do about retention under the California CPRA?](/artifacts/us/california-privacy-rights-act/faq/retention.md): California CPRA guidance for retention, including data minimization, privacy policy disclosures, evidence records, and official source citations.
- [What should teams do about Risk Assessments under the US CPRA?](/artifacts/us/california-privacy-rights-act/faq/risk-assessments.md): US CPRA guidance for Risk Assessments, with practical decisions, evidence, edge cases, and external source citations.
- [What should teams do about Sensitive Personal Information Limits under the US CPRA?](/artifacts/us/california-privacy-rights-act/faq/sensitive-personal-information-limits.md): US CPRA guidance for Sensitive Personal Information Limits, with practical decisions, evidence, edge cases, and external source citations.

*Recommended next step*

*Placement: after the practical guidance*

## Turn California CPRA Sharing and Cross-Context Behavioral Advertising into assigned work

This California CPRA guide turns turn Sharing and Cross-Context Behavioral Advertising into owners, evidence requests, review checkpoints, and reusable operating records inside Sorena.

- [Open Assessment Autopilot for California CPRA](/solutions/assessment.md): Turn Sharing and Cross-Context Behavioral Advertising into scoped questions, evidence fields, and review tasks.
- [Review California CPRA source evidence](/solutions/research-copilot.md): Use Research Copilot to answer follow-up questions with cited source material.
- [Talk through CPRA sharing and cross-context behavioral advertising implementation](/contact.md): Review scope, evidence, owners, and the next compliance actions with Sorena.


---

[Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us)

(c) 2026 Sorena AB (559573-7338). All rights reserved.

Source: https://www.sorena.io/artifacts/us/california-privacy-rights-act/faq/sharing-and-cross-context-behavioral-advertising