Sharing and Cross-Context Behavioral Advertising under the US CPRA means deciding whether a data flow counts as sharing for cross-context behavioral advertising and then documenting the opt-out, notices, owners, and evidence that follow.
This page helps teams decide when a practice is covered, what the business must do next, and what records to keep. Confirm legal and policy assumptions before implementation.
Structured answer sets in this page tree.
Cited legal and guidance references.
This page explains when a business is 'sharing' personal information for cross-context behavioral advertising under the US CPRA, what that means in plain English, and what practical steps follow. Use it to decide whether a data flow is covered, who should own the response, and what evidence to keep.
Start by deciding whether the issue affects threshold status, sensitive personal information, sharing or cross-context advertising, GPC, correction rights, data-broker duties, ADMT, risk assessments, cybersecurity audits, or service-provider contracts. The useful answer should name the exact trigger, affected product or process, required action, owner, evidence, and escalation point.
Keep the statutory/regulatory source, threshold calculation, data category, consumer-right workflow, opt-out signal handling, and contract evidence together so California privacy decisions are reviewable.
Ownership should sit with the team that can change notices, rights intake, consent/opt-out interfaces, data sharing, retention, vendor terms, or security evidence, with privacy counsel reviewing edge cases.
Evidence should show threshold calculations, privacy notice language, consumer request handling, GPC processing, sensitive-personal-information controls, service-provider/contractor terms, and risk/cyber/ADMT readiness where applicable.
Most CPRA mistakes happen at the boundary between CCPA and CPRA terminology, sale versus sharing, sensitive personal information, data-broker duties, and draft or phased regulatory requirements.
Review this section before launching a data flow, ad-tech integration, consumer interface, vendor contract, retention rule, risk assessment, or cyber audit control.
Use a CPRA workflow that captures threshold status, data categories, consumer rights, opt-out signals, vendor role, retention logic, risk/cyber/ADMT trigger, owner, and review date.
The output should be a threshold memo, notice update, DSAR workflow, opt-out/GPC implementation record, vendor clause map, risk-assessment intake, or audit evidence pack.
This US CPRA guide turns turn Sharing and Cross-Context Behavioral Advertising into owners, evidence requests, review checkpoints, and reusable operating records inside Sorena.
Turn Sharing and Cross-Context Behavioral Advertising into scoped questions, evidence fields, and review tasks.
Use Research Copilot to answer follow-up questions with cited source material.
Review scope, evidence, owners, and the next compliance actions with Sorena.
"A business shall process any opt-out preference signal that meets the requirements of this section as a valid request to opt-out of sale/sharing."
"Cross-context behavioral advertising means the targeting of advertising to a consumer based on the consumer's personal information"
"The CCPA regulations govern compliance with the California Consumer Privacy Act."
"The CPRA amended the CCPA by adding additional consumer privacy rights and obligations for businesses"
"GPC lets users signal their desired privacy, just by browsing"