Do Not Sell My Personal Information: What Is It & How To Comply?

Those “Do Not Sell My Personal Information” links on websites aren’t just legal boxes to check—they protect people’s data rights and build customer trust. While they may seem like just another compliance burden, businesses that are open about data use often see better customer relationships. There’s also a financial incentive: California fines for violations range from $2,500 to $7,500 per instance, which adds up quickly if you make a mistake affecting hundreds of customers. Understanding these requirements helps you both protect your business and respect your customers’ privacy. Ready to make your website compliant? Keep reading to learn exactly what these requirements mean for your business.

What does “Do Not Sell My Personal Information” mean?

“Do Not Sell My Personal Information” means you have the right to stop companies from sharing your data with other businesses. But “selling” doesn’t just mean trading your info for cash. Under privacy laws like California’s CCPA, “selling” includes sharing your personal details when a company gets something valuable in return—even if no money changes hands.

In everyday terms, when a website lets ad networks track visitors or analytics companies collect information, that counts as “selling” data. The website gets benefits like ad revenue or customer insights while the third parties get personal information.

Selling data isn’t always against the law, but doing it without being open about it or giving people a choice now breaks privacy rules in many places. Some regions (like Europe) require getting permission first, while others (like California) give people the right to opt out through these “Do Not Sell” links.

Why We Must Have “Do Not Sell My Personal Information” Links?

The phrase “Do Not Sell My Personal Information” comes directly from the California Consumer Privacy Act (CCPA), which took effect in January 2020. This groundbreaking law was the first major U.S. legislation giving consumers real control over their personal information.

CCPA requires businesses that sell personal data to place a clear link on their website with these exact words: “Do Not Sell My Personal Information.” This link must allow California residents to easily opt out of having their data sold to third parties.

In 2023, California strengthened these protections with the California Privacy Rights Act (CPRA), which expanded the opt-out right to include not just “selling” but also “sharing” personal information for advertising purposes. This is why you might now see links saying “Do Not Sell or Share My Personal Information” on some websites.

When you click this link, companies must stop selling your data quickly – within 15 business days at most. They cannot make you create an account just to opt out, and they cannot treat you differently or charge you more just because you exercised this right.

California’s initiative prompted similar protections elsewhere. Several other states have passed comparable laws, making “Do Not Sell My Personal Information” a standard feature across many websites.

What are ‘Do Not Sell My Personal Information’ Requirements?

The “Do Not Sell My Personal Information” link you’ve probably noticed on websites isn’t just a trendy feature—it’s actually required by California’s data privacy laws. The California Consumer Privacy Act (CCPA) and its newer version, the California Privacy Rights Act (CPRA), mandate these links for businesses that fall under their jurisdiction. If you’re not familiar with these laws, we recommend learning more about California’s data privacy regulations, but here are the key points you need to know:

• What counts as “personal information”?: The CPRA defines personal information broadly. It includes any data that identifies or could reasonably be linked to a specific person or household—everything from names and email addresses to IP addresses and biometric information. This definition is much wider than what many people assume.
• California uses an “opt-out” approach: Unlike some privacy laws that require getting permission before collecting data, California’s approach allows businesses to collect and process consumer information as long as they inform people about it. Consumers then have the right to opt out if they choose.
• From “sell” to “sell or share”: The original CCPA required a “Do Not Sell My Personal Information” link. However, businesses found a loophole—transferring consumer data without direct monetary payment (like trading for advertising services). The CPRA closed this gap by expanding the requirement to “Do Not Sell or Share My Personal Information,” covering these additional transfers.
• Who counts as “third parties”?: When a consumer clicks your DNS link, you don’t have to stop sharing with everyone. The CPRA distinguishes between contractors, service providers, and third parties. You only need to stop sharing personal information with third parties when someone opts out.

Meeting these requirements is fairly straightforward: inform consumers about your data practices and give them a clear way to opt out of the sale or sharing of their information. If they choose to opt out, you need to stop certain data transfers, but can continue necessary operational sharing with service providers and contractors.

By understanding these four key points, you’ll be in a better position to comply with California’s “Do Not Sell My Personal Information” requirements while still being able to collect and use consumer data within the boundaries of the law.

📌How to comply with ‘Do Not Sell My Personal Information’ requirements?

1. Include clear details about how personal data is sold or shared in your privacy policy.
2. Inform users about the sale of their personal data via a “Notice of Sale” section.
3. Include a “DNSMPI” link in your privacy policy and on your homepage, directing users to a page where they can opt-out of the sale or sharing of their data.
4. When a user opts out, immediately comply by stopping the sale or sharing of their personal information with third parties.

‘Do Not Sell My Personal Information’ Case Study

In 2022, beauty retailer Sephora paid $1.2 million to settle CCPA violations. California’s Attorney General found that Sephora allowed analytics and advertising companies to collect data on shoppers without proper disclosure or opt-out options. Additionally, Sephora failed to honor the Global Privacy Control signal.

This case established that allowing third-party trackers on your website in exchange for analytics or advertising benefits can legally count as “selling” personal information. It also showed that regulators actively enforce these requirements.

Following Sephora, regulators announced more enforcement actions targeting businesses that ignore opt-out signals. Various industries have faced scrutiny for privacy violations.

‘Do Not Sell My Personal Information’ Examples

Several high-profile cases show the importance of taking privacy rights seriously:

The cookie has set up their cookie banner, offering multiple clear options for visitors to choose from — including an easy-to-find “Do not sell/share my personal data” checkbox. This thoughtful setup helps visitors feel more comfortable and in control while browsing the site.

This banner made by Consentik App makes it simple to stay compliant with data privacy laws like GDPR and CCPA while maintaining a user-friendly experience. A well-designed cookie banner like this not only builds trust with visitors but also shows your brand’s transparency and professionalism.

Target

Target keeps things straightforward with a “Do Not Sell My Personal Information – CA Resident Only” link in their website footer. When you click it, you’ll need to fill out a form with your personal details including:

• First and last name
• Home address and zip code
• City
• Email address
• Phone number

This information helps Target verify you’re actually a California resident before processing your request to stop selling your data. The approach is direct but requires sharing quite a bit of information to exercise your privacy rights.

T-Mobile

T-Mobile takes a slightly different approach with their “Do Not Sell or Share My Personal Information” footer link. Clicking it takes you to a dedicated page that explains your rights in clear language.

What makes T-Mobile’s solution user-friendly is their simple toggle button system. You can switch your preferences on or off without filling out lengthy forms. The page also explains how your choice applies across your other T-Mobile accounts, which is helpful if you have multiple services with them.

The Atlantic

The Atlantic magazine includes the “Do Not Sell or Share My Personal Information” link at the bottom of their homepage. Their approach focuses on making the California Consumer Privacy Act (CCPA) options clear and accessible.

When you follow their link, you reach a page specifically designed for exercising your CCPA rights. The page focuses on explaining what opting out means in the context of a media company, where data sharing often relates to advertising and subscription management.

The Future of “Do Not Sell My Personal Information”

Setting up a good “Do Not Sell My Personal Information” system doesn’t have to be hard. Look at how companies like Target and T-Mobile do it and pick an approach that works for your business. Being clear about data use builds trust with your customers. This isn’t just about avoiding fines—it’s about showing customers you respect their privacy rights and care about protecting their information. You’re not just following today’s rules—you’re getting ready for a future where privacy protection is expected!

Struggling with that “Do Not Sell My Personal Information” requirement? Consentik makes it simple. Consentik adds a pre-checked “Do not sell my data” box to your site and automatically sends those preferences to your Shopify or Wix store. When US visitors keep this box checked, you’re instantly CCPA/CPRA compliant.It takes minutes to set up, builds customer trust, and saves you from legal headaches. Check out Consentik to protect both your business and your customers’ privacy today!