How to protect your information
Opt-Out Preference Signals
One simple and easy way you can opt-out of the sale/sharing of your personal information is through an “opt-out preference signal,” or “OOPS” for short.
An OOPS is a simple and easy-to-use way for consumers to automatically exercise their right to opt-out of the sale and sharing of their personal information with the businesses they are interacting with online. With an OOPS, a consumer does not have to make individualized requests to opt-out of sale/sharing with each business.
An example of an OOPS is a setting on your internet browser or a browser extension, such as the Global Privacy Control, that automatically signals to businesses that you have chosen to opt-out of sale/sharing of personal information.
OOPS generally only applies to the browser or device you are using and with respect to online sales or sharing. It may not apply to all sales or sharing, but it’s an easy and convenient place to start.
Opt-Out One Business at a Time
A business must tell you before or at the time they collect your personal information the purposes for which they are collecting your information. If they sell or share your data, the business must notify you of how you can stop the sale or sharing of that data. And, if a business collects your sensitive personal information and uses or discloses it for purposes other than those allowed under the law, they must also notify you if you can limit the use of that information.
Toggle that toggle!
One way in which businesses allow you to exercise your choice over the sale and sharing of your information may be through a toggle or button. You can exercise your choice by using that toggle and opt-out of the selling or sharing of your information. Businesses are not allowed to use toggles or buttons that are confusing to you and should explain the effect of a toggle. If the toggles or buttons are confusing and do not make clear what choice you are making, submit a complaint with the Agency.
Click the link
If a business sells or shares your personal information or uses or discloses your sensitive personal information, they should have a link or a couple of links on their homepage through which you can exercise your privacy choices.
The link could be called “Do Not Sell or Share my Personal Information,” “Limit the Use of My Sensitive Personal Information,” “Your Privacy Choices,” or “Your California Privacy Choices.” The link(s) should take you to a page where you can control your privacy rights.
Mobile apps
Before you download an app, look at their privacy policy to see if they are selling or sharing your information. If they don’t have a privacy policy, they likely aren’t complying with California law. Keep this in mind while deciding if you still want to download the application.
Do a privacy checkup on all apps you’ve downloaded on your phone. Go into the settings on the app and ensure that the privacy settings are most privacy protective for your purposes. For example, you may want to limit the sharing of your geolocation to only when you are using the app, or exercise your choice to opt-out of the sale and sharing of your personal information.
Read a business's privacy policy
Businesses that must comply with the CCPA are required to post their privacy policy through a link using the word “privacy” on their homepage and other webpages.
The link can usually be found at the bottom of a business’s website. For mobile apps, a link to the privacy policy also must be available on the platform or download page for the app and also may be in the app’s settings menu.
- Learn what the business is doing with your data.
Reading these policies will help you better understand which categories of information a business is collecting, why they are collecting that information, and, if they sell or share that information, which category of information was sold or shared, and with which type of business. Sometimes a business isn’t selling or sharing your information at all.
- Learn how to exercise your rights.
Find the section on California or that describes how consumers like you can exercise your privacy rights, such as deleting the information a business has collected from you or correcting the information the business has about you. This information must be easy to read and accessible. All privacy policies must include a method for you to contact the business if you have any questions or concerns about their privacy policy and information practices.
If the privacy policy is hard to find, not existent, or doesn’t provide an easy method for you to exercise your rights, submit a complaint with the Agency.
Businesses cannot discriminate against you for exercising your rights
The law gives you rights to control your personal information, and a business is not allowed to discriminate against you—for example, by denying you services—for exercising your rights.
Under the law, a business must provide the same experience to someone who shares their personal information as they do to someone who chooses to opt-out. There are some exceptions, like if the business is using your information to detect fraud, but if you think a business is violating your rights, submit a complaint.