20 Examples of “Do Not Sell or Share My Personal Information” Page

20 Examples of “Do Not Sell or Share My Personal Information” Page

For eCommerce businesses, California Consumer Privacy Right (CCPA) compliance should be high on your radar from 2020. Like the General Data Protection Regulation (GDPR) in Europe, CCPA focuses on protecting California customer data and giving them a right to control their personal information (read more about CCPA rights). It came into effect on January 1st, 2020, and only applies to California residents and merchants who sell to Californians.

Although both regulations have a number of similarities, there are some key differences between them. Specifically, the CCPA requires a clear “Do Not Sell My Personal Information” page. It should provide the website visitors with an opportunity to opt out of the sale of their personal data to third parties.

In addition to the existing CCPA regulations, it’s important to note that the California Privacy Rights Act (CPRA) has introduced significant changes to data privacy compliance in California. The CPRA, which amends and expands upon CCPA, came into effect in 2023 and further strengthens the protection of California customer data. It goes beyond CCPA by introducing new requirements, such as additional consumer rights, enhanced data breach notification obligations, and stricter regulations for businesses handling sensitive personal information. Businesses operating in California must now navigate both CCPA and CPRA to ensure comprehensive compliance with the evolving landscape of data privacy regulations in the state.

One crucial point to highlight is that the “Do Not Sell My Personal Information” requirement, initially mandated by CCPA, remains a fundamental aspect of CPRA compliance as well.

Data Privacy Laws in the U.S. States

While CCPA and CPRA directly impact interactions with Californians, their influence reaches much further. Think of the CCPA as setting the standard; now, many other states are adopting similar rules to protect their residents’ data privacy. This creates a growing web of regulations that businesses must understand.

Inspired by California, many states have put their own comprehensive privacy laws into effect, such as Virginia’s VCDPA, Colorado’s CPA, Connecticut’s CTDPA, and Utah’s UCPA are just a few examples. These laws grant consumers similar rights as the CCPA. Plus, more states are actively developing and passing their own privacy legislation right now.

What does this mean for your eCommerce site? A key feature copied from CCPA/CPRA is the right to opt out of data selling or sharing. Therefore, providing a clear “Do Not Sell or Share My Personal Information” page is no longer just a California requirement

Need to implement compliance with these expanding privacy laws in your Magento store? Discover how to manage these complex requirements effectively with our Magento 2 US Privacy Laws Extension.

Where to Display Your “Do Not Sell or Share My Personal Information” Page

Since there are no strict boundaries on implementing the ”Do Not Sell or Share” page on your website, you can find a wide range of its examples in eCommerce. However, we are provided with precise requirements for where to display the “Do Not Sell” link.

As required by CCPA & CPRA, merchants have to “provide a clear and conspicuous link on the business’s Internet homepage, titled “Do Not Sell or Share My Personal Information”, as well as include the link in the Privacy Policy or other online policies. In practice, besides policies, merchants usually include the “Do Not Sell or Share” link in the footer of their websites to be easily accessible on homepages and throughout the website.

It is important to understand that this specific link requirement applies to businesses that actually “sell” or (under the updated CPRA) “share” personal information as defined by the law. If a business does not sell or share personal information, it is not obligated to provide this explicit “Do Not Sell or Share My Personal Information” link on its homepage. However, such businesses must still clearly state this fact within their Privacy Policy, affirming that they do not engage in the sale or sharing of personal information.=

Why Your Site Needs to Hear the GPC Opt-Out Signal

While providing a clear “Do Not Sell or Share My Personal Information” link is a well-known CCPA/CPRA requirement, overlooking another critical mandate can lead to non-compliance: recognizing the Global Privacy Control (GPC) signal.

Global Privacy Control is a standardized technical signal transmitted by browsers or extensions when enabled by a user. This signal automatically communicates the user’s legal right and intention to opt out of the sale or sharing of their personal information under laws like the CCPA/CPRA.

Regulations under the CCPA/CPRA make it clear: businesses subject to the law must treat a received GPC signal as a valid consumer request to opt out. It cannot be ignored. Failing to detect and honor GPC is a violation.

Websites must implement technology that can detect the GPC signal in browser requests and automatically honor it by opting the user out for that session or their associated account. This technical requirement complements the need to provide manual opt-out options, such as forms or dedicated privacy pages.

Understanding GPC is crucial before examining specific examples of “Do Not Sell” pages, as it represents a distinct and equally important facet of CCPA/CPRA compliance for eCommerce businesses.

Methods of Opting Out

Another CCPA & CPRA rule states that merchants need to provide “two or more designated methods for submitting requests”. Therefore, we have reviewed 20 popular retailers’ websites to provide you with ideas on implementing the “Do Not Sell My Personal Information” page.

We have grouped the examples into categories, namely methods and of submitting opt-out requests. Let’s take a look at each of the methods.

20 Examples of “Do Not Sell or Share” Page in eCommerce

Examples of “Do Not Sell or Share” page: an opt-out form

Most websites provide a web form that allows customers to opt out of the sale of their personal information. This form requires customers to provide personal information to complete the opt-out request. Note that you should not ask visitors to provide unnecessary information. Please review three examples of the opt-out form below.

#1 Target

As one of the largest retailers in the United States, Target Corporation includes the “Do Not Sell” page to become compliant with CCPA & CPRA requirements. Due to the expansion of the CCPA law, Target updated the location of this page. Previously, a direct link to manage privacy settings has been in the website footer. Now, this information, including how to opt out of the sale of personal information, is typically located within their Privacy Policy, which is usually accessible from the footer.

So, after landing on the guest privacy page, you should choose the desired state. The following states have laws that allow residents to opt out of the sale of their personal information or its use for targeted advertising: California, Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Nevada, Oregon, Texas, Utah, and Virginia.

Examples of “Do Not Sell or Share” page: Target 1

Right after selecting and submitting a desired state in a drop-down menu, it takes you to the page with the form to fill out. It is necessary to provide personal information such as First and Last Name, Address, Zip Code, City, Email Address, and Phone Number. The State line has already been filled out.

Examples of “Do Not Sell or Share” page: Target 2

#2 Levi Strauss & Co.

An apparel company and a global leader in jeans, Levi Strauss & Co., also includes the “Do Not Sell or Share My Info” link to the website footer. 

Examples of “Do Not Sell or Share” page: Levi Strauss & Co.

It takes you to a page with the form to fill out. There, you need to provide the following information: your First and Last Name,Type of Request, Email, and the state of residence.

Examples of “Do Not Sell or Share” page: Levi Strauss & Co. 2

#3 McDonalds

Everyone seems to know how McDonalds is eager to provide the best value to their customers. This American fast-food company also cares about customer data privacy and complies with major data privacy laws, including the CCPA. They include “Do Not Sell or Share” button in the footer of the website.

Examples of “Do Not Sell or Share” page: McDonalds 1

U.S. residents should use this dedicated webform for their McDonald’s privacy requests. Filling out the form requires the following mandatory details: state, first name, last name, and email address. Confirmation of Email AddressIt’s designed for direct use by individuals, not agents.

Examples of “Do Not Sell or Share” page: McDonalds 2

Examples of “Do Not Sell or Share” page: an opt-out email

Another way to let customers submit the Do Not Sell or Share My Personal Information request is to provide contact information for your business. According to our research, this is the second most popular opt-out method. Mainly, companies provide their email address and include a list of personal information to provide.

#4 Burberry

British luxury fashion house Burberry group has placed the “Do Not Sell My Personal Information” link in their footer’s Legal & Cookies section.

Examples of “Do Not Sell or Share” page: Burberry 1

Although it is not essential, Burberry clarifies the scope of relevant terms, noting that “sale” under these state laws is broad and not limited to monetary exchange, and that “sharing” (under CA law) or “use for targeted advertising” (under other state laws) involves using personal information for cross-context behavioral ads.

Besides direct link and browser-based opt-out preference signal, visitors may submit a broader opt-out request, which Burberry will record, by emailing donotsell@burberry.com. For this method, the required subject line is “Opt Out from Sale,” and users must provide at least the name and email address associated with their account or information.

#5 Dell

Dell is a technology company known worldwide. As with many other examples in this article, the store has a direct link in the footer to the “Do Not Sell or Share My Personal Information” page for California residents.

Examples of “Do Not Sell or Share” page: Dell

The store offers several ways to opt out of the data, among them are form submitting and cookie managing preferences. In addition to those options, “you can submit detailed privacy-related requests at any time… via email at privacy@dell.com”.

Examples of “Do Not Sell or Share” page: blocking cookies in browser

Alternatively, some websites offer to block cookies as one of the additional methods to opt out of the sale of personal information. Mainly, they place an opt-out cookie on a customer browser and prevent information from being collected by advertising partners.

Although we do not recommend this opt-out method as the main one, it may be a good alternative to provide your customers with more security information and opt-out options.

#6 Costco

An American membership warehouse club, Costco, offers their clients to opt-out of selling personal information. You can find all related information in the Privacy Policy, which clearly shapes each aspect related to personal data.Within the privacy policy you can find the link to Data Rights Request, which enables residents of some U.S. states to request access, correct, and delete their personal information through this portal.

Examples of “Do Not Sell or Share” page: Costco 1

For California residents specifically, Costco clarifies that opting out of digital tracking associated with “sale” or “sharing” can also be managed through their separate “Cookie Settings” webpage. This dual approach highlights the need to address both account-level preferences and browser-based tracking mechanisms.

Examples of “Do Not Sell or Share” page: Costco 2

#7 Best Buy

The next company on our list is Best Buy. You can find the “Do Not Sell” link in the footer of the website.

Best Buy offers a valuable illustration of how businesses are adapting to state privacy laws. On the page, they have a dropdown menu prompting users to select their state of residence. After selecting their state, users locate the page with the very form.

Examples of “Do Not Sell or Share” page: Best Buy

Additionally, the “Do Not Sell or Share” page contains detailed information explaining how your personal information may be collected, as well as the fact that visitors need to opt out of internet-based advertising by visiting www.aboutads.info/choices.

Examples of “Do Not Sell or Share” page: Best Buy 2

#8 Blizzard

A worldwide-known video game developer and publisher, Blizzard Entertainment, Inc. includes essential details regarding your privacy rights within the Privacy Policy. By following this link, you’ll get the “Do not Sell/Share” page.

Blizzard suggests specific ways to opt out of the “sale” or “sharing” of your personal information for targeted advertising purposes:

  1. Via Battle.net Account Settings.
  2. Via Website Cookie Settings (Using their specific “Cookie Settings” link, general browser settings, industry-wide opt-out tools, or Recognition of Global Privacy Control (GPC) and Do Not Track (DNT) signals).
Examples of “Do Not Sell or Share” page: Blizzard

Examples of “Do Not Sell or Share” page: advertising industry opt-out tools

Some companies offer visitors additional choices regarding the collection and use of their personal information. For example, many third-party advertisers use tracking and targeting tools on the website either directly or as a program partner. More specifically, customers can visit each partner’s website and limit third parties’ collection and use of personal information.

#9 Disney

Similarly to all large corporations, The Walt Disney Company provides the best customer service and security to remain on the top of its industry. Being international, this mass media & entertainment conglomerate complies with laws, including the requirements of CCPA&CPRA.

Examples of “Do Not Sell or Share” page: Disney 1

The main method for opting out of the “sale” or “sharing” of personal information is clicking the dedicated “Do Not Sell or Share My Personal Information” link found directly on their websites or within their apps.

Examples of “Do Not Sell or Share” page: Disney 2

Disney provides several ways to exercise opt-out rights regarding “selling,” “sharing,” or “targeted advertising” as defined by applicable privacy laws: 

  1. Using an on-page toggle in a popup, which activates when clicking on the “Do not Sell or Share” button
  2. Submitting an opt-out form
  3. Enabling a Global Privacy Control (GPC) signal where available. 
  4. Customers can submit the opt-out request at each of Disney’s partners separately. All in all, visitors can opt out of internet-based advertising, social media site ad tracking and analytics, as well as digital measurement research on each partner site.

#10 Kohl’s

Another example we offer you to consider is Kohl’s – an American department store retail chain. The “ Do Not Sell My Information Page” can be accessed from the website’s footer.

By clicking there, customers are redirected to a landing page with comprehensive information about the California residents’ rights, as well as an opt-out form you are already familiar with. 

Additionally, below the opt-out form, Kohl’s provides visitors with further instructions on how to opt-out of “all targeted advertising in desktop and mobile browsers on a particular device”. As their partners provide this targeted advertising, you need to go to the partner websites and opt out.

Examples of “Do Not Sell or Share” page: Kohl’s

Examples of “Do Not Sell or Share” page: an opt-out button

It takes some time to click on the “Do Not Sell My Personal Information” link and proceed with multiple steps to opt out. However, some websites have an opt-out button that allows customers to opt out with a single click. Let’s take a look at some of them.

#10 GROUPON

Being an American worldwide-known eCommerce marketplace, Groupon is the company that stays up-to-date with CCPA requirements and introduces the “Do Not Sell or Share My Personal Information” page in the footer of the website. Generally, it is a popup that informs consumers that their data might be collected.

Examples of “Do Not Sell or Share” page: Groupon

You can find more information about opting out by clicking the Privacy Statement link in the popup.

#12 eBay

On eBay, a well-known worldwide shopping and auction website, you can make a Do Not Sell My Personal Information request by clicking on the appropriate link (CA Privacy Notice) in the footer of the website. All you need to do is simply switch the toggle to “Out”.

Examples of “Do Not Sell or Share” page: eBay

Additionally, the website informs you of how your opt-out is applied: for logged-in users, the choice will be associated with their account. Otherwise, the opt-out choice will be applied to a currently used browser and only until the browser’s cookies are erased.

#13 Walmart

Walmart follows the CCPA&CPRA requirements and cares about the security of its customers. If you go to the “Walmart.com” section in the footer, you can find the “Your Privacy Choices” hyperlink.

Prior to filling out the opt-out form with personal information, you need to indicate whether you are submitting the request for yourself and confirm state residence. 

Examples of “Do Not Sell or Share” page: Walmart 1

After filling out the form, you need to provide and confirm your email address. Alternatively, you may proceed to the next step without providing an email, but this option is more time-consuming. You will then be directed to the ‘Your Privacy Rights’ page, where you can request, delete, or opt out of the sale or sharing of your personal information, and withdraw consent for the processing of Sensitive Personal Information (SPI).

Note that if you set the state to one where CPRA regulations do not directly apply, you will see a message stating that this service is not available for your area.

Examples of “Do Not Sell or Share” page: Walmart 2

#14 Rakuten

In Rakuten, one of the largest Japanese eCommerce sites, the “Do Not Sell or Share My Data” link is accessible in the website’s footer. After landing on the page, you can choose to opt out or delete your data.

Examples of “Do Not Sell or Share” page: Rakuten

Click your desired option, and a popup will appear—by clicking it, you automatically initiate the process.

Examples of “Do Not Sell or Share” page: Rakuten 2

Examples of “Do Not Sell or Share” page: submitting all privacy requests on page

In order to comply with CCPA, you should not forget about other rights. Besides the right to opt out of third-party data sales, your website visitors also have the right to have collected data disclosed and deleted. Therefore, many merchants combined these requests to be submitted from one page. Usually, this is an opt-out form, where visitors need to provide their personal data and specify the type of the request. Please check four examples of the privacy requests page below.

#15 Home Depot

Being the largest US home improvement retailer, Home Depot couldn’t skip the new CCPA law. To make their customers feel safe, the company places all required pages like “Privacy Policy”, “Cookie Usage”, “California Privacy Rights”, etc. in the footer. “Do Not Sell or Share My Personal Information” is not an exception.

Examples of “Do Not Sell or Share” page: Home Depot

When clicking on the “Do Not Sell or Share My Personal Information” page, customers are taken to the Exercise My Privacy Rights page. After a clear explanation of how the opt-out request works, they can find the Privacy request form. 

Besides opt-out of sale or sharing, website visitors can also submit Get My Information, Delete My Information, Limit the Use of Personal Information, and Correct Information requests. In order to submit the request, it is required to select its type and fill in some personal information. Next, the verification email will be sent to the provided email address.

Examples of “Do Not Sell or Share” page: Home Depot 2

Otherwise, website visitors can call 1-800-394-1326 to speak to a representative if they don’t like to provide an email address during the form submission.

#16 Samsung

Samsung is one of the leading South Korean multinational electronics companies. When going to their official website, you are immediately captured with the innovative graphics and animation. Scroll down to the footer and click on the “Do Not Sell or Share My Personal Information” page.

You are taken to the popup Privacy and Cookie Preference Center popup. Click “Samsung Privacy Request Portal”.

Examples of “Do Not Sell or Share” page: Samsung

Besides the ability to request not to sell/share personal data, customers can also access, delete, and correct their personal information collected by Samsung. 

After clicking the Create Request, you need to declare residency, select the type of request and request type, review requests, and submit them. Then the request summary will be generated.

Examples of “Do Not Sell or Share” page: Samsung 2

#17 Lowe’s

One of the largest hardware chain businesses in the US and Canada, Lowe’s keeps pace with the latest CPRA rules and provides customers with the “Do Not Sell or Share My Personal Information” link in the footer of the webpage.

Examples of “Do Not Sell or Share” page: Lowe’s 1

You can find there the following information: “To opt out of sale, sharing and targeted advertising, please submit an opt-out request via the Lowe’s Privacy Request Portal or by calling 800-309-5732 and asking to restrict sale, sharing or targeted advertising.

Examples of “Do Not Sell or Share” page: Lowe’s 2

You have to follow three steps to submit a request: provide the requestor’s information, select the type of request, and submit.

Examples of “Do Not Sell or Share” page: Lowe’s 3

#18 Coca-Cola

Coca-Cola, an American multinational beverage corporation, needs no further presentation, as well as the fact that they value customer trust. The company is CCPA&CPRA compliant and, under the requirements, it provides the “Do Not Sell or Share My Personal Information” page in the footer of the website.

Clicking on the link directs you to a dedicated page explaining their approach. While the page frames data usage positively (“to help us deliver the best, most refreshing experiences… like special promotions… and customized offers“), it crucially provides clear instructions and a form to submit a request.

Examples of “Do Not Sell or Share” page: Coca-Cola 1

When clicking on the hyperlink, customers are to fill out a request form specifying the request type (opt-out of sales or sharing, delete personal information, or request personal information, etc.). Then, it is necessary to provide name, email, and other data, including the phone number, to get a confirmation message.

Examples of “Do Not Sell or Share” page: Coca-Cola 2

Examples of “Do Not Sell or Share” page: providing various opt-out options

In this section, we are going to introduce you to the most comprehensive opt-out implementation according to our research, as the reviewed companies provide clear information about how to submit requests in different ways suitable for all visitors. 

Besides already familiar options (by phone and direct link), we recommend you consider a privacy portal implementation. Customers can either log in to the privacy portal and make a request associated with their account or create requests providing their personal data and email for confirmation.

#19 Macy’s

At Macy’s, they also care about customers’ privacy. By clicking on the “Do Not Sell or Share My Personal Information” link in the footer, you are taken to the Notice of Privacy Practices landing page.

Examples of “Do Not Sell or Share” page: Macy’s

There, you are provided with three possible ways to submit the request:

  • Via Data Privacy Portal, where you can also submit personal data access and deletion requests
  • Directly from the opt-out of sale of Personal Information link
  • By phone at 800-920-3588
Examples of “Do Not Sell or Share” page:

#20. Bloomingdale’s

An American luxury department store chain does not stand aside from customer privacy as well. You can easily access the “Do Not Sell/Share My Personal Information” page in the website’s footer. 

Examples of “Do Not Sell or Share” page: Bloomingdale’s

Just as Macy’s does, Bloomingdale’s redirects you to the Notice of Privacy Practices page and provides you with three options to submit the opt-out request.

  • Submit the request by provided phone number.
  • Use their privacy portal, where you can also submit a personal information access request, as well as an account deletion request.
  • Use the direct link.
Examples of “Do Not Sell or Share” page: Bloomingdale’s 2

Final Thoughts

Over a year after CCPA & CPRA went into effect, we can observe the “Do Not Sell or Share My Personal Information” page on almost all large corporations’ websites. Californians who are aware of their rights are very likely to opt out and secure their personal information. 

Under the CCPA&CPRA, the “Do Nor Sell or Share” page must be “clear and conspicuous” if the website actually “sell” or “share” personal information. It should also explain what kind of personal information is gathered and why, and how to exercise the right to opt-out of the sale of personal information.

The “Do Not Sell/Share” page must be located on the Homepage and Privacy Policy. However, many websites we have reviewed display the link in the website footer since consumers often look here for legal policies.     

Commonly, companies include an opt-out form as the main method to opt out, which consumers can complete making the request.

Additionally, you have to include at least one additional opt-out method according to the CCPA&CPRA requirements. You can choose other designated methods from the following ones:

  • Email submission form
  • Toll-free phone number

As one of the additional opt-out methods, some companies place and store an opt-out cookie on your browser, preventing personal information from being available to advertising partners. Others, though, offer to submit a request on each of the partners’ websites. And finally, you may consider restricting access to the “Do Not Sell or Share” page in areas where this law does not apply.  On top of that, you must protect your consumers’ rights and accept all opt-out requests to avoid getting fines from the specific state and losing consumers due to bad faith.

Share: