Back to Blog
LegalTech & IA

Is the 'Do Not Sell or Share My Personal Information' Button Mandatory? (CCPA/CPRA)

NakedPact Editorial Committee
Reviewer: Carmelo G.
Comitato Editoriale NakedPact
June 29, 2026
10 min read
Is the 'Do Not Sell or Share My Personal Information' Button Mandatory? (CCPA/CPRA)

What Does the CCPA/CPRA Actually Require?

If you're a business subject to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), you must provide a clear and conspicuous link titled 'Do Not Sell or Share My Personal Information' on your website or app. This isn't optional—it's a legal requirement if you engage in selling or sharing personal information. Think of it like a fire exit sign: you can't just hide it in the basement.

Who Needs This Button?

Not every business needs it. The requirement applies if you (1) are a for-profit entity doing business in California, (2) collect personal information, and (3) determine the purposes of processing. But the button is specifically triggered if you 'sell' or 'share' personal information. Selling includes exchanging data for monetary or other valuable consideration. Sharing includes cross-context behavioral advertising. If you run a blog with no ads or data sales, you might be off the hook. But if you use Google Analytics or Facebook Pixel, you're likely sharing data—so the button is mandatory.

What Happens If You Don't Have It?

Fines can reach $2,500 per unintentional violation and $7,500 per intentional violation. Plus, the California Attorney General can sue. And let's be honest: users are more aware than ever. A missing button can lead to complaints, bad press, and loss of trust. It's like forgetting to put a 'Wet Floor' sign—except the floor is your data practices, and the fall could be costly.

How to Implement It Correctly

The button must be a separate link, not buried in a privacy policy. It should be in a prominent location, like the footer or a cookie banner. The text must be exactly 'Do Not Sell or Share My Personal Information' or an equivalent that clearly conveys the opt-out right. You can also use a toggle or a form, but the link is the standard. For more details, check the California Attorney General's CCPA page.

Common Misconceptions

Some think the button is only for selling data, not sharing. Wrong. The CPRA expanded it to include sharing for cross-context behavioral advertising. Others think it's optional if they don't directly sell data. But if you allow third-party cookies for ad targeting, you're sharing. And no, a generic 'Privacy Settings' link doesn't cut it—it must be the specific phrase. Don't be that person who uses a 'Do Not Sell' button but hides it in a dropdown menu. That's like putting a fire alarm in a locked closet.

Practical Steps for Compliance

  • Audit your data flows: Do you sell or share personal information? Check your ad tech, analytics, and data brokers.
  • Add the button: Place it prominently on your homepage and any page where you collect data.
  • Honor opt-outs: When a user clicks, you must stop selling/sharing their data. Implement a mechanism to track and respect these requests.
  • Update your privacy policy: Include a description of consumers' rights under CCPA/CPRA.

FAQ

Do I need the button if I don't sell data?

Only if you 'share' data for cross-context behavioral advertising. If you don't do either, you're not required to have the button, but you must still provide a privacy policy and honor other rights.

Can I use a different phrase?

The regulation requires the exact phrase 'Do Not Sell or Share My Personal Information' or a substantially similar phrase that clearly communicates the opt-out right. Avoid creative alternatives that might confuse users.

What if I have a mobile app?

Yes, the requirement applies to mobile apps too. You need to include the link in the app's settings or a similar prominent location.

CCPA Compliance Checklist

NakedPact Logo

NakedPact Editorial Committee

Article created by the NakedPact editorial team. Our mission is to analyze, simplify, and expose unfair terms and hidden risks in everyday contracts to protect citizens and consumers.

Do you own a website?

Do you own a website?

Want to communicate your data processing transparency to your users? Dynamically use our badge and showcase your platform's compliance.

🛡️ Protect your rights with one click

Don't risk signing abusive clauses. Install the free NakedPact extension for Chrome or Firefox and instantly analyze any contract on the web.

Don't trust, verify.

Now that you know the risks, don't sign blindly. Upload your contract to NakedPact and let AI find the hidden clauses for you. It's 100% free.

Analyze Your Contract Now

Rispettiamo la tua privacy

Usiamo i cookie per migliorare la tua esperienza e personalizzare gli annunci. Scopri di più.

NakedPact Logo

Estensione Chrome

Analizza i contratti e i Termini di Servizio direttamente sul tuo browser con l'estensione NakedPact.