October 16, 2021

Volume XI, Number 289

Advertisement
Advertisement

October 15, 2021

Subscribe to Latest Legal News and Analysis

October 14, 2021

Subscribe to Latest Legal News and Analysis

October 13, 2021

Subscribe to Latest Legal News and Analysis
Advertisement

How Many Do Not Sell Requests Do Retailers Receive Each Year?

The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the quantity of data subject requests that they received in the previous calendar year. Among other things, if a business offers a do not sell my personal information link, the businesses must report the number of do not sell requests it received in the year.[1]

It is important to note that 31% percentage of retailers do not post a “do not sell” link on their websites, indicating that they have taken the position that they do not sell personal information of California residents. Based upon a review of the websites of the Fortune 500, those retailers that offered a do not sell option received on average 106,134 do not sell requests.[2] It is worth noting that do not sell requests were not evenly distributed. Some retailers reported receiving as few as 125 do not sell requests, whereas other retailers reported receiving 668,000 such requests. While it is difficult to determine the reason for the disparity, it is possible that some retailers may not have been counting opt-outs from behavioral advertising (e.g., opt-outs from a cookie banner) as requests that information not be sold.


[1] Cal. Code Regs. tit. 11, § 999.317(g) (2021).

[2] Review was conducted in August of 2021.

©2021 Greenberg Traurig, LLP. All rights reserved. National Law Review, Volume XI, Number 265
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

David A. Zetoony Privacy Attorney Greenberg Traurig
Shareholder

David Zetoony, Co-Chair of the firm's U.S. Data, Privacy and Cybersecurity Practice, focuses on helping businesses navigate data privacy and cyber security laws from a practical standpoint. David has helped hundreds of companies establish and maintain ongoing privacy and security programs, and he has defended corporate privacy and security practices in investigations initiated by the Federal Trade Commission, and other data privacy and security regulatory agencies around the world, as well as in class action litigation. 

David receives regular recognitions from clients and peers for...

303.685.7425
Advertisement
Advertisement
Advertisement