GPC — Conflict with Business-Specific Privacy Settings
Audited by Privisy — The Privisy scanner actively tests for compliance with this requirement.
What it requires
When an opt-out preference signal conflicts with a consumer's existing business-specific privacy setting that permits sale or sharing, the business must still process the signal as a valid opt-out request. However, the business may notify the consumer of the conflict and provide an opportunity to consent to sale or sharing using the consent procedures in section 7004. If the consumer consents, the business may ignore the signal for as long as the consumer is known to it.
Legal text (excerpt)
If the opt-out preference signal conflicts with a consumer's business-specific privacy setting that allows the business to sell or share their personal information, the business shall process the opt-out preference signal as a valid request to opt-out of sale/sharing, but may notify the consumer of the conflict and provide the consumer with an opportunity to consent to the sale or sharing of their personal information.
Primary source
📄California Privacy Protection Agency (CPPA) — § 7025(c)(3): GPC — Conflict with Business-Specific Privacy Settings ↗Privisy checks
The following Privisy scanner checks are grounded in this citation:
- ⚡GPC Signal — Marketing Cookies Blocked
- ⚡GPC — Marketing Trackers Blocked
Legal notice: This page is for informational purposes only and does not constitute legal advice. The legal text excerpt is reproduced from official public sources and is current as of the stated effective date. Laws change — verify against the authoritative source and consult a licensed attorney for compliance guidance.