1.) The “Do Not Sell My Personal Information” homepage opt-out option must be displayed every time a California resident visits a Publisher’s website.
The CCPA requires websites to “Provide a clear and conspicuous link on the business’ Internet homepage, titled “Do Not Sell My Personal Information.”’
Many publishers mistakenly believe they only need to show this opt-out option once. In fact, this notice must be shown to every California resident who has not opted-out, every time a resident visits a website.
2.) Paying subscribers must also receive the “Do Not Sell My Personal Information” notice on website homepages.
The requirement to show the opt-out notice is not affected by the relationship between the publisher and the website visitor. The notice must be shown to all California visitors, including paying subscribers, registered users, and anonymous visitors.
3.) Under the CCPA, the sale of data is broadly defined, and precludes publishers from offering programmatic, data-driven targeted ads to consumers who opt-out.
The CCPA broadly defines the “sale” of personal data. As a result, once a website visitor exercises this opt-out option, the website cannot serve programmatic, behaviorally targeted advertising to this consumer.
4.) The opt-out option must be displayed on every page of the website.
The legislation defines a “Homepage” to include “any Internet Web page where personal information is collected.” Since all website pages track user behavior with cookies, the law requires the display of this opt-out option on every website page.
5.) A website visitor who opts-out of the sale of data cannot be served data-driven Google AdSense ads.
Targeted Adsense ads fall within the CCPA’s broad definition of the sale of data, and cannot be served to a user who has opted-out. However, Adsense ads which are not based on identity or behavior, such as contextual ads, remain permissible.