Do Not Sell or Share
“Do Not Sell or Share” refers to an individual’s right to opt out of the sale or sharing of their personal data under privacy laws such as the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
What is “Do Not Sell or Share”?
“Do Not Sell or Share” is a legal right that allows consumers to prevent organizations from selling or disclosing their personal data to third parties for monetary gain or targeted advertising. It was first introduced under the California Consumer Privacy Act (CCPA) and expanded under the California Privacy Rights Act (CPRA), which defines “sharing” as disclosing personal information for cross-context behavioral advertising.
Organizations subject to these laws must provide a clear and accessible “Do Not Sell or Share My Personal Information” link on their websites or apps, enabling users to exercise their opt-out rights easily.
Why “Do Not Sell or Share” matters
This right reinforces consumer control over personal data and transparency in how it’s used for advertising and marketing. It requires businesses to evaluate their data-sharing practices and ensure they have mechanisms to respect user preferences.
Failing to comply with opt-out obligations can lead to regulatory penalties, enforcement actions, and loss of consumer trust. Implementing compliant consent management solutions helps organizations track user choices, update data-sharing agreements, and maintain audit trails.
The principle also aligns with broader global trends toward data sovereignty, transparency, and user empowerment, as seen in the General Data Protection Regulation (GDPR) and other privacy frameworks.
How “Do Not Sell or Share” is used in practice
- Displaying a “Do Not Sell or Share My Personal Information” link on websites and mobile apps
- Managing opt-out signals sent via browser-based tools like the Global Privacy Control (GPC)
- Identifying and categorizing third parties involved in data selling or sharing
- Updating vendor contracts to prohibit unauthorized data transfers
- Integrating opt-out preferences with consent and privacy management systems
- Providing confirmation to users that their request has been honored
Related laws & standards
- California Consumer Privacy Act (CCPA)
- California Privacy Rights Act (CPRA)
- EU General Data Protection Regulation (GDPR)
- Colorado Privacy Act (CPA)
- Virginia Consumer Data Protection Act (VCDPA)
How OneTrust helps with “Do Not Sell or Share” compliance
OneTrust helps organizations comply with “Do Not Sell or Share” requirements by enabling user-friendly consent and opt-out management. The platform automates preference tracking, honors browser-based signals like GPC, and provides documentation for regulatory compliance.
[Explore Solutions →]
FAQs about “Do Not Sell or Share”
“Selling” involves transferring personal data for monetary or other valuable consideration, while “sharing” refers to disclosing it for targeted advertising, regardless of financial exchange.
