What is Right to Opt-Out?

The right to opt-out is the defining feature that distinguishes CCPA from many other privacy laws. CPRA expanded this right beyond just "sales" to include "sharing" of personal information for cross-context behavioral advertising. When a consumer opts out, the business must stop selling or sharing their information with third parties within 15 business days. The business must also notify all third parties to whom it sold or shared that consumer's information to not further sell or share it. Businesses are prohibited from asking the consumer to re-authorize sale or sharing for at least 12 months after receiving an opt-out request. Organizations must implement this right through multiple channels: a prominent "Do Not Sell or Share My Personal Information" link on their website, support for the Global Privacy Control (GPC) browser signal, and processing of opt-out requests received through other channels like email or phone. The technical implementation requires maintaining a suppression list, integrating opt-out status with all data sharing workflows, and propagating opt-out signals to downstream data recipients.