Opt-out Preference Signals
Audited by Privisy — The Privisy scanner actively tests for compliance with this requirement.
What it requires
Businesses that sell or share personal information must treat any qualifying opt-out preference signal as a valid request to opt out of sale/sharing for the consumer's browser, device, and associated profiles. The Register 2025, No. 39 amendments (operative January 1, 2026) updated subsections (c)(3)-(4), (c)(6) and (f)(3). Subsection (c)(3) adds conflict-resolution rules when a signal conflicts with a business-specific privacy setting; (f)(3) adds an exception permitting a link to a privacy settings page within the prohibition on interstitials.
Legal text (excerpt)
The business shall treat the opt-out preference signal as a valid request to opt-out of sale/sharing submitted pursuant to Civil Code section 1798.120 for that browser or device and any consumer profile associated with that browser or device, including pseudonymous profiles.
Primary source
📄California Privacy Protection Agency (CPPA) — § 7025: Opt-out Preference Signals ↗Privisy checks
The following Privisy scanner checks are grounded in this citation:
- ⚡GPC Signal — Marketing Cookies Blocked
- ⚡GPC Signal Honored
- ⚡Third-Party Request Inventory
Legal notice: This page is for informational purposes only and does not constitute legal advice. The legal text excerpt is reproduced from official public sources and is current as of the stated effective date. Laws change — verify against the authoritative source and consult a licensed attorney for compliance guidance.