--- title: "US CPRA Sharing and Cross-Context Behavioral Advertising Guide" canonical_url: "https://www.sorena.io/artifacts/us/california-privacy-rights-act/sharing-and-cross-context-behavioral-advertising" source_url: "https://www.sorena.io/artifacts/us/california-privacy-rights-act/sharing-and-cross-context-behavioral-advertising" author: "Sorena AI" description: "US CPRA guidance for Sharing and Cross-Context Behavioral Advertising, with practical decisions, evidence, edge cases, and external source citations." published_at: "2026-05-09" updated_at: "2026-05-09" keywords: - "US CPRA" - "Sharing and Cross-Context Behavioral Advertising" - "US CPRA Sharing and Cross-Context Behavioral Advertising" - "compliance checklist" - "practical guidance" - "Compliance" - "Regulatory guidance" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # US CPRA Sharing and Cross-Context Behavioral Advertising Guide US CPRA guidance for Sharing and Cross-Context Behavioral Advertising, with practical decisions, evidence, edge cases, and external source citations. *Artifact Guide* *US* *Sharing and Cross-Context Behavioral Advertising* ## US CPRA Sharing and Cross-Context Behavioral Advertising Sharing and Cross-Context Behavioral Advertising under the US CPRA means deciding whether a data flow counts as sharing for cross-context behavioral advertising and then documenting the opt-out, notices, owners, and evidence that follow. This page helps teams decide when a practice is covered, what the business must do next, and what records to keep. Confirm legal and policy assumptions before implementation. This page explains when a business is 'sharing' personal information for cross-context behavioral advertising under the US CPRA, what that means in plain English, and what practical steps follow. Use it to decide whether a data flow is covered, who should own the response, and what evidence to keep. ## What should teams decide about Sharing and Cross-Context Behavioral Advertising under the US CPRA? Start by deciding whether the issue affects threshold status, sensitive personal information, sharing or cross-context advertising, GPC, correction rights, data-broker duties, ADMT, risk assessments, cybersecurity audits, or service-provider contracts. The useful answer should name the exact trigger, affected product or process, required action, owner, evidence, and escalation point. Keep the statutory/regulatory source, threshold calculation, data category, consumer-right workflow, opt-out signal handling, and contract evidence together so California privacy decisions are reviewable. - Define the exact Sharing and Cross-Context Behavioral Advertising trigger and the business process it affects. - Record which role, product, system, customer group, or data flow is in scope. - Attach the source-linked rule, the owner, and the evidence field before approving the control. - Escalate uncertainty when the facts depend on thresholds, exemptions, cross-border activity, vulnerable users, or enforcement-sensitive wording. Sources for this answer: - [Global Privacy Control (GPC)](https://globalprivacycontrol.org/?ref=sorena.io) - Global Privacy Control explains the browser signal that California CPRA implementations should map to sale and sharing opt-out handling. - [California Consumer Privacy Act Regulations (March 2023)](https://cppa.ca.gov/regulations/consumer_privacy_act.html?ref=sorena.io) - Official CPPA regulations source for sale, sharing, privacy-choice links, and opt-out preference signal implementation. - [California Privacy Protection Agency FAQ](https://cppa.ca.gov/faq.html?ref=sorena.io) - Official CPPA public guidance explaining consumer rights created by the CPRA amendments to the CCPA. ## Who should own Sharing and Cross-Context Behavioral Advertising, and what evidence should prove the decision? Ownership should sit with the team that can change notices, rights intake, consent/opt-out interfaces, data sharing, retention, vendor terms, or security evidence, with privacy counsel reviewing edge cases. Evidence should show threshold calculations, privacy notice language, consumer request handling, GPC processing, sensitive-personal-information controls, service-provider/contractor terms, and risk/cyber/ADMT readiness where applicable. - Name one accountable owner and one reviewer for the Sharing and Cross-Context Behavioral Advertising workflow. - Keep source screenshots or source links, decision notes, implementation tickets, and approval records together. - Use dated evidence for deadlines, notices, risk assessments, contracts, user journeys, and regulator-facing records. - Review the evidence after product changes, new markets, new vendors, enforcement updates, or material changes in the source text. Sources for this answer: - [California Consumer Privacy Act Regulations (March 2023)](https://cppa.ca.gov/regulations/consumer_privacy_act.html?ref=sorena.io) - Official CPPA regulations source for sale, sharing, privacy-choice links, and opt-out preference signal implementation. - [California Privacy Protection Agency FAQ](https://cppa.ca.gov/faq.html?ref=sorena.io) - Official CPPA public guidance explaining consumer rights created by the CPRA amendments to the CCPA. - [California Civil Code section 1798.140 - sale, share, and cross-context behavioral advertising definitions](https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=CIV§ionNum=1798.140.&ref=sorena.io) - California statutory definitions support evidence decisions about sale, sharing, and cross-context behavioral advertising scope. ## Which edge cases should teams check before relying on a Sharing and Cross-Context Behavioral Advertising decision? Most CPRA mistakes happen at the boundary between CCPA and CPRA terminology, sale versus sharing, sensitive personal information, data-broker duties, and draft or phased regulatory requirements. Review this section before launching a data flow, ad-tech integration, consumer interface, vendor contract, retention rule, risk assessment, or cyber audit control. - Check whether the rule changes for minors, consumers, business users, public-sector bodies, regulated sectors, high-risk services, or cross-border transfers. - Separate binding law, regulator guidance, consultation material, standards, and enforcement commentary in the evidence record. - Do not rely on a previous answer if the data categories, user interface, vendor role, or contractual flow changed. - Track unresolved assumptions in an open-questions section and route legal interpretation points for review. Sources for this answer: - [Global Privacy Control (GPC)](https://globalprivacycontrol.org/?ref=sorena.io) - Global Privacy Control explains the signal that can trigger CPRA sale and sharing opt-out handling across browsers and devices. - [California Consumer Privacy Act Regulations (March 2023)](https://cppa.ca.gov/regulations/consumer_privacy_act.html?ref=sorena.io) - Official CPPA regulations source for sale, sharing, privacy-choice links, and opt-out preference signal implementation. - [California Privacy Protection Agency FAQ](https://cppa.ca.gov/faq.html?ref=sorena.io) - Official CPPA public guidance explaining consumer rights created by the CPRA amendments to the CCPA. - [California Civil Code section 1798.140 - sale, share, and cross-context behavioral advertising definitions](https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=CIV§ionNum=1798.140.&ref=sorena.io) - California statutory definitions support edge-case review for sale, sharing, and cross-context behavioral advertising. ## How should teams operationalize Sharing and Cross-Context Behavioral Advertising with proportionate controls? Use a CPRA workflow that captures threshold status, data categories, consumer rights, opt-out signals, vendor role, retention logic, risk/cyber/ADMT trigger, owner, and review date. The output should be a threshold memo, notice update, DSAR workflow, opt-out/GPC implementation record, vendor clause map, risk-assessment intake, or audit evidence pack. - Create a short intake question that identifies the Sharing and Cross-Context Behavioral Advertising scenario. - Map the answer to a required action, evidence field, owner, reviewer, and review date. - Use the workflow to confirm the covered data flow, the notice or opt-out change needed, and the team that must act next. - Update the workflow when official source material changes or when internal evidence shows recurring exceptions. Sources for this answer: - [Global Privacy Control (GPC)](https://globalprivacycontrol.org/?ref=sorena.io) - Global Privacy Control explains the browser signal that the operating workflow must detect and route into CPRA opt-out handling. - [California Consumer Privacy Act Regulations (March 2023)](https://cppa.ca.gov/regulations/consumer_privacy_act.html?ref=sorena.io) - Official CPPA regulations source for operational sale, sharing, privacy-choice link, and opt-out preference signal controls. - [California Privacy Protection Agency FAQ](https://cppa.ca.gov/faq.html?ref=sorena.io) - Official CPPA public guidance explaining consumer rights created by the CPRA amendments to the CCPA. *Recommended next step* *Placement: after the practical guidance* ## Turn US CPRA Sharing and Cross-Context Behavioral Advertising into assigned work This US CPRA guide turns turn Sharing and Cross-Context Behavioral Advertising into owners, evidence requests, review checkpoints, and reusable operating records inside Sorena. - [Open Assessment Autopilot for US CPRA](/solutions/assessment.md): Turn Sharing and Cross-Context Behavioral Advertising into scoped questions, evidence fields, and review tasks. - [Review US CPRA source evidence](/solutions/research-copilot.md): Use Research Copilot to answer follow-up questions with cited source material. - [Talk through implementation](/contact.md): Review scope, evidence, owners, and the next compliance actions with Sorena. ## Primary sources - [Global Privacy Control (GPC)](https://globalprivacycontrol.org/?ref=sorena.io) - Supports CPRA sharing and cross-context behavioral advertising controls by explaining the browser-level GPC opt-out signal. - Quote: "GPC lets users signal their desired privacy, just by browsing" - [California Consumer Privacy Act Regulations (March 2023)](https://cppa.ca.gov/regulations/consumer_privacy_act.html?ref=sorena.io) - Supports CPRA sharing and cross-context behavioral advertising controls through official regulations for sale, sharing, privacy-choice links, and opt-out preference signals. - Quote: "The CCPA regulations govern compliance with the California Consumer Privacy Act." - [California Privacy Protection Agency FAQ](https://cppa.ca.gov/faq.html?ref=sorena.io) - Supports CPRA sharing and cross-context behavioral advertising by explaining the consumer rights and business obligations added by the CPRA. - Quote: "The CPRA amended the CCPA by adding additional consumer privacy rights and obligations for businesses" - [California Civil Code section 1798.140 - sale, share, and cross-context behavioral advertising definitions](https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=CIV§ionNum=1798.140.&ref=sorena.io) - Supports CPRA sharing scope by defining sale, sharing, and cross-context behavioral advertising in California statute. - Quote: "Cross-context behavioral advertising means the targeting of advertising to a consumer based on the consumer's personal information" - [California CCPA Regulations section 7025 - opt-out preference signals](https://www.law.cornell.edu/regulations/california/11-CCR-7025?ref=sorena.io) - Supports CPRA sharing controls by requiring businesses to process qualifying opt-out preference signals as sale and sharing opt-outs. - Quote: "A business shall process any opt-out preference signal that meets the requirements of this section as a valid request to opt-out of sale/sharing." ## Related Topic Guides - [California CPRA Checklist](/artifacts/us/california-privacy-rights-act/checklist.md): Practical guidance for the California CPRA checklist, with practical decisions, evidence, edge cases, and external source citations. - [California CPRA FAQ](/artifacts/us/california-privacy-rights-act/faq.md): Practical California CPRA FAQ guidance with implementation decisions, evidence, edge cases, and official California source citations. - [California CPRA penalties and fines Guide](/artifacts/us/california-privacy-rights-act/penalties-and-fines.md): US CPRA guidance for penalties and fines, with practical decisions, evidence, edge cases, and external source citations. - [California CPRA Requirements Guide](/artifacts/us/california-privacy-rights-act/requirements.md): Practical guidance for California CPRA requirements, with practical decisions, evidence, edge cases, and external source citations. - [California CPRA Risk Assessments, Cybersecurity Audits, and ADMT Guide](/artifacts/us/california-privacy-rights-act/risk-assessments-cybersecurity-audits-and-admt.md): California CPRA guidance for risk assessments, cybersecurity audits, and ADMT, with practical decisions, evidence, edge cases, and external source citations. - [California Data Broker Deletion Workflow Guide](/artifacts/us/california-privacy-rights-act/data-broker-deletion-workflow.md): California Delete Act and CPRA-adjacent guidance for data broker deletion workflows, with practical decisions, evidence, edge cases, and official citations. - [California Data Broker Registry and DROP Guide](/artifacts/us/california-privacy-rights-act/data-broker-registry-and-drop.md): California Delete Act guide to the Data Broker Registry and DROP, with practical decisions, evidence, edge cases, and official source citations. - [California Delete Act data broker registry and DROP guide](/artifacts/us/california-privacy-rights-act/faq/data-broker-registry-and-drop.md): California Delete Act guidance for the data broker registry and Delete Request and Opt-Out Platform (DROP), with owners, evidence, and official sources. - [CPRA enforcement advisories: CPPA investigations, fines, and risk mitigation](/artifacts/us/california-privacy-rights-act/faq/enforcement-advisories.md): US CPRA guidance for Enforcement Advisories, with practical decisions, evidence, edge cases, and external source citations. - [CPRA Global Privacy Control (GPC): opt-out requirements and enforcement FAQ](/artifacts/us/california-privacy-rights-act/faq/gpc.md): US CPRA guidance for GPC, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Applicability Test Guide](/artifacts/us/california-privacy-rights-act/applicability-test.md): Practical guidance for the US CPRA applicability test, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA CCPA vs CPRA Guide](/artifacts/us/california-privacy-rights-act/ccpa-vs-cpra.md): US CPRA guidance for CCPA vs CPRA, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Compliance Guide](/artifacts/us/california-privacy-rights-act/compliance.md): Practical guidance for the US CPRA compliance, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Consumer Rights Workflow Guide](/artifacts/us/california-privacy-rights-act/consumer-rights-workflow.md): US CPRA guidance for Consumer Rights Workflow, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Contract Terms Guide](/artifacts/us/california-privacy-rights-act/contract-terms.md): US CPRA guidance for Contract Terms, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Contracts Contractors And Service Providers Guide](/artifacts/us/california-privacy-rights-act/contracts-contractors-and-service-providers.md): US CPRA guidance for Contracts Contractors And Service Providers, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Correction Rights Guide](/artifacts/us/california-privacy-rights-act/correction-rights.md): US CPRA guidance for Correction Rights, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Cppa Regulations Tracker Guide](/artifacts/us/california-privacy-rights-act/cppa-regulations-tracker.md): US CPRA guidance for Cppa Regulations Tracker, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Cyber Audit Readiness Workflow Guide](/artifacts/us/california-privacy-rights-act/cyber-audit-readiness-workflow.md): US CPRA guidance for Cyber Audit Readiness Workflow, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Deadlines and Compliance Calendar Guide](/artifacts/us/california-privacy-rights-act/deadlines-and-compliance-calendar.md): US CPRA guidance for Deadlines and Compliance Calendar, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA DSAR And Correction Workflow Guide](/artifacts/us/california-privacy-rights-act/dsar-and-correction-workflow.md): US CPRA guidance for DSAR And Correction Workflow, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA GPC Handling Guide](/artifacts/us/california-privacy-rights-act/gpc-handling.md): US CPRA guidance for GPC Handling, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA GPC Handling Workflow Guide](/artifacts/us/california-privacy-rights-act/gpc-handling-workflow.md): US CPRA guidance for GPC Handling Workflow, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Retention Guide](/artifacts/us/california-privacy-rights-act/retention.md): US CPRA guidance for Retention, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Risk Assessment Intake Workflow Guide](/artifacts/us/california-privacy-rights-act/risk-assessment-intake-workflow.md): US CPRA guidance for Risk Assessment Intake Workflow, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Risk Assessment Template Guide](/artifacts/us/california-privacy-rights-act/cpra-risk-assessment-template.md): US CPRA guidance for CPRA Risk Assessment Template, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Risk Assessments And Cybersecurity Audits Guide](/artifacts/us/california-privacy-rights-act/risk-assessments-and-cybersecurity-audits.md): US CPRA guidance for Risk Assessments And Cybersecurity Audits, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Sensitive Personal Information Guide](/artifacts/us/california-privacy-rights-act/sensitive-personal-information.md): US CPRA guidance for Sensitive Personal Information, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Sensitive Personal Information Limits Guide](/artifacts/us/california-privacy-rights-act/sensitive-personal-information-limits.md): US CPRA guidance for Sensitive Personal Information Limits, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA vs Colorado Privacy Act Guide](/artifacts/us/california-privacy-rights-act/cpra-vs-colorado-privacy-act.md): US CPRA guidance for CPRA vs Colorado Privacy Act, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA vs Virginia Vcdpa Guide](/artifacts/us/california-privacy-rights-act/cpra-vs-virginia-vcdpa.md): US CPRA guidance for CPRA vs Virginia Vcdpa, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about ADMT under the US CPRA?](/artifacts/us/california-privacy-rights-act/faq/admt.md): US CPRA guidance for ADMT, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Contract Terms under the US CPRA?](/artifacts/us/california-privacy-rights-act/faq/contract-terms.md): US CPRA guidance for Contract Terms, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Correction Rights under the US CPRA?](/artifacts/us/california-privacy-rights-act/faq/correction-rights.md): US CPRA guidance for Correction Rights, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Cybersecurity Audits under the US CPRA?](/artifacts/us/california-privacy-rights-act/faq/cybersecurity-audits.md): US CPRA guidance for Cybersecurity Audits, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about retention under the California CPRA?](/artifacts/us/california-privacy-rights-act/faq/retention.md): California CPRA guidance for retention, including data minimization, privacy policy disclosures, evidence records, and official source citations. - [What should teams do about Risk Assessments under the US CPRA?](/artifacts/us/california-privacy-rights-act/faq/risk-assessments.md): US CPRA guidance for Risk Assessments, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Sensitive Personal Information Limits under the US CPRA?](/artifacts/us/california-privacy-rights-act/faq/sensitive-personal-information-limits.md): US CPRA guidance for Sensitive Personal Information Limits, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Sharing and Cross-Context Behavioral Advertising under the California CPRA?](/artifacts/us/california-privacy-rights-act/faq/sharing-and-cross-context-behavioral-advertising.md): California CPRA guidance for Sharing and Cross-Context Behavioral Advertising, with practical decisions, evidence, edge cases, and external source citations. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/us/california-privacy-rights-act/sharing-and-cross-context-behavioral-advertising