cpra-opt-out-signals

Installation
SKILL.md

Implementing CPRA Opt-Out Preference Signals

Overview

CPRA Section 1798.135 requires businesses to treat opt-out preference signals (such as Global Privacy Control / GPC) as valid consumer requests to opt out of the sale and sharing of personal information. This skill covers the technical detection of GPC signals, automated honoring workflows, cross-device consistency requirements, and the interaction between browser-level signals and explicit consumer choices.

Legal Foundation

CPRA Section 1798.135 — Methods of Limiting Sale, Sharing, and Use

  1. Section 1798.135(a) — A business that sells or shares consumers' personal information shall provide a clear and conspicuous link on its homepage titled "Do Not Sell or Share My Personal Information."

  2. Section 1798.135(b)(1) — A business that sells or shares personal information shall treat the consumer's use of an opt-out preference signal as a valid request to opt out under Section 1798.120.

  3. Section 1798.135(b)(3) — A business that complies with subsection (b)(1) is not required to post the "Do Not Sell or Share My Personal Information" link on its homepage, provided it instead posts a link to a page describing the consumer's opt-out rights.

  4. Section 1798.135(e) — A business may not interpret the absence of an opt-out preference signal as consent to sell or share personal information.

CCPA Regulations (11 CCR Section 7025)

Installs
9
GitHub Stars
187
First Seen
Jun 9, 2026
cpra-opt-out-signals — mukul975/privacy-data-protection-skills