In the past few years, many online business owners have taken steps to comply with privacy laws and regulations.

For many website owners, the biggest change is the introduction of the General Data Protection Regulation (GDPR) in 2018. When the GDPR came into effect in the European Union, online businesses must implement cookie banners, requiring EU visitors to choose to agree to put down cookies.

This is because the regulation introduces rules about how companies collect user data-many websites use cookies. Specifically, the law stipulates that companies can only collect data after obtaining valid user consent. Fortunately, a large number of GDPR-compliant WordPress plugins and some core WordPress updates have been released to make it easy to comply with the rules.

Since the GDPR came into effect, many other countries and states have enacted their own regulations. One such set of rules is the California Consumer Privacy Act (CCPA), which is a privacy regulation that will affect businesses of California customers (we compare them in our GDPR and CCPA articles).

Although the collection of consent to delete cookies is a major change that a website must make in order to comply with GDPR, the biggest challenge a website faces in the CCPA is Not for sale Part of the regulations.

In this article, we will learn what the “No-Sale” rule is and how WordPress users can use simple plugins to comply with the upcoming CCPA regulations.

What is the CCPA and do not sell rules?

CCPA-California Consumer Privacy Act

CCPA will take effect on January 1, 2020. This regulation affects how companies, including those that operate entirely online, collect and process data from Californians. For website owners, this will affect how they use cookies and other online trackers to collect user data.

this Not for sale Rules are an important part of supervision. It pointed out that companies must give consumers the option not to sell their personal data.

Specifically, the law stipulates that companies must:

  • There is a page titled “Don’t Sell My Personal Information” on their website. On this page, consumers in California can choose not to sell their personal data.
  • Companies must clearly link to the “Do Not Sell My Personal Information” page on the homepage.
  • The website must describe the consumer’s right to choose not to sell personal data and provide a link to the “Do not sell my personal information” page in its privacy policy.
  • Once users ask the company not to sell their personal information, the company must respect the decision for at least 12 months.
  • Finally, the website should have a way to prove that they respect the requirements of these customers.

Businesses and website owners need to develop processes to help them comply with the above guidelines.

Those who do not comply with the regulations face the risk of up to $7,500 per intentional violation and a fine of $2,500 per unintentional violation.

What is not for sale button?

The “Do Not Sell” button is a floating button that website owners can add to their website to allow visitors to choose not to sell their personal information and direct them to key pages such as “Do not sell my personal information” Page.

The “Do Not Sell” button is just one part of a broader solution to help website owners comply with the “Do Not Sell” requirements.

A supplementary element not for sale is CookiePro Consumer Rights Management solutions. This solution helps website owners create CCPA-compliant web forms that they can add to the “Do not sell my personal information” button and dedicated pages. Site visitors can use these forms to choose not to sell their personal data. CookiePro then processes these requests and stops selling data to consumers who opt-out by synchronizing with other technologies used on your website.

Do I need CCPA not to sell buttons?

To know whether you need a “Do Not Sell” button, you must first determine whether your business is subject to the CCPA and whether your business sells personal data. If you meet these two requirements, you need a “do not sell” button.

CCPA affects businesses that collect data from California residents, regardless of whether the business is located in that state. However, unlike the GDPR, which affects all companies operating in the region, companies will only be subject to CCPA if they meet one of the following three requirements:

  • If they generate 25 million dollars in income each year.
  • If they collect, buy, receive, or sell information on more than 50,000 Californians in a year.
  • If they get 50% or more of income by selling the personal data of Californians.

These seem to be quite high requirements. However, when you treat IP addresses and online identifiers as personal data, websites can actually easily reach the threshold. Essentially, you only need to collect data on 137 website visitors from California every day to reach the annual total.

In addition, it is not only data from cookies that are subject to CCPA regulations. The other types of personal data mentioned in this regulation include any content that “identifies, associates, describes, can be directly or indirectly associated with a specific consumer or family, or can be reasonably associated”.

This includes names, addresses, online identifiers, IP addresses, social security numbers, passport numbers, etc. You should include these data points in the calculation to determine whether you need to comply with the CCPA.

The next step is to determine whether your business sells the personal data it collects. For companies such as data brokers, this will be obvious. However, there are many other businesses that may not be clear.

To some extent, this comes down to the CCPA definition, which considers that “sale” is basically any form of personal information disclosure. CCPA defines sales as:

“Sell”, “sell”, “sell” or “sell” refers to the sale, lease, release, disclosure, dissemination, provision, transfer or other means of oral, written, or electronic or other means The information is provided to another company or a third party to obtain money or other valuable consideration.

This definition means that online publishers or websites that provide advertisers with visitor data to display personalized ads can be classified as sales data.

When online publishers sell advertising space, they usually share information about users on the current website with third parties, including advertising networks and trading platforms. This allows advertisers to show their ads to users who they think are interested in their products.

Due to the above definitions of “sales” and “personal data”, this approach is likely to be considered sales, which means that websites that use targeted advertising may have to provide users with the option to opt out of selling their data.

If this sounds like what your website does, you may need a “do not sell” button to avoid regulatory hassles.

How to use CookiePro to add a no-sale button on your website

CookiePro does not sell plugins

The easiest way to add a “Do Not Sell” button to your website is to use a plug-in (such as the one provided by CookiePro) that will handle the entire process for you. CookiePro’s Do Not Sell plug-in is specially developed for WordPress websites. Below are instructions for implementing it on your website.

  1. Install and activate the CookiePro Do Not Sell plugin on your WordPress website.
  2. After activation, the CookiePro CCPA plugin will appear in the left navigation of the WordPress dashboard.
  3. Customize your “not for sale” buttons and patterns.
    Optional: copy and paste CookiePro Consumer Rights The form links to the CookiePro CCPA plugin
  4. Click Save and Publish.

CookiePro does not sell plug-in Mockup

After installing the plugin, visitors from California will see a button when they visit your website with a link to the “Do not sell my personal information” page.

CookiePro does not sell buttons

When visitors click the button, they can opt out of personalized advertising or submit a consumer rights request to ensure that other technologies on your website will not sell customer data.


CCPA adds a new layer of compliance that many sites need to pay attention to. Check the conditions listed earlier, if your site meets any of these conditions, you will want to add a “Do Not Sell” button as soon as possible. You must update your website before January 1, 2020 to avoid penalties. But fortunately, with WordPress, it’s as easy as installing a plugin.

If your online business is subject to CCPA and you want to implement a “Do Not Sell” button on your website, click here Learn more about how CookiePro can help your business comply with CCPA and other privacy regulations.