Skip to content

Documentation

CCPA "Do Not Sell" Compliance

CCPA "Do Not Sell" Compliance

Last updated Mar 24, 2026

The California Consumer Privacy Act (CCPA) and its amendment, the California Privacy Rights Act (CPRA), require businesses to provide California consumers with the right to opt out of the sale or sharing of their personal information. Kukie.io makes it easy to add the required "Do Not Sell My Personal Information" (DNSMPI) link and handle opt-out requests.

CCPA/CPRA Requirements

If your website collects personal information from California residents and meets the CCPA thresholds, you must:

  • Provide a clear and conspicuous "Do Not Sell or Share My Personal Information" link.
  • Honour opt-out requests by stopping the sale or sharing of the consumer's personal information.
  • Log opt-out events for compliance record-keeping.
  • Not discriminate against consumers who exercise their privacy rights.

Enabling the DNSMPI Link

The DNSMPI link is configured per region in the Banner Editor Regions tab. For US visitors (or specifically California):

  1. Open the region rule for the United States (or create one if it does not exist).
  2. Set the consent model to Opt-out.
  3. In the Advanced section, enable Show Do Not Sell Link.
  4. Click Save Rule.

When enabled, a "Do Not Sell My Personal Information" link appears on the banner. Clicking it opens a dedicated opt-out modal where the visitor can confirm their choice.

The CCPA Opt-Out Modal

When a visitor clicks the DNSMPI link, a modal appears explaining their rights and providing a clear opt-out button. If the visitor confirms the opt-out:

  • Marketing and advertising cookies are blocked.
  • Google Consent Mode is updated to set ad_storage, ad_user_data, and ad_personalization to denied.
  • An opt_out consent event is logged with the visitor's choice and timestamp.
  • The visitor's preference is stored in the consent cookie for the configured duration.

Every opt-out event is recorded in the consent log with the action type opt_out. This gives you an auditable record of all CCPA opt-out requests. You can filter the consent log by action type to see all DNSMPI opt-outs.

Tip: Export your consent logs regularly for compliance documentation. The consent log supports CSV export from the dashboard.

Data Selling Opt-Out Flag

In addition to the DNSMPI link visibility, each region rule has a Data Selling Opt-Out toggle. When enabled, this flag signals to the banner script that the region has data-selling opt-out requirements, affecting how consent is processed and logged.

For websites serving California visitors, we recommend:

  1. Create a US region rule with the Opt-out consent model.
  2. Enable Show Do Not Sell Link and Data Selling Opt-Out.
  3. Keep Accept All and Reject All buttons visible.
  4. Set consent duration to 365 days (the CCPA requires you to wait at least 12 months before asking the consumer to opt in again).

Optionally, create a separate California region rule if you want different settings for California versus other US states.

Combining CCPA and GDPR

Most international websites need both GDPR (Opt-in) and CCPA (Opt-out) compliance. Use region rules to apply the correct model per region:

  • EU - Opt-in, no DNSMPI link.
  • US - Opt-out, DNSMPI link enabled.
  • Default - Opt-in (safest baseline).
Previous

Cookie Wall
Was this helpful?