This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
header image

Opting-Out Is Becoming Mainstream

Consumers are automating “Do Not Sell” requests; around 75% of businesses are not honoring them.

Universal Opt Out Mechanisms (UOOMs) enable consumers to automatically tell businesses not to sell or share their personal data for advertising. Until recently, honoring UOOM signals has been optional in the US. This is changing. California already requires CCPA-covered businesses to detect and honor requests made via Global Privacy Control (GPC) and other common UOOMs. A similar rule takes effect in Colorado from July 2024, and many other states will follow over the next few years. DataGrail analyzed over 5,000 websites to check how businesses respond to GPC signals. We found that 75% of websites did not honor “Do Not Sell” requests via GPC.


Our research suggests that 75% of websites do not comply with GPC requests. This means most businesses are not honorings people’s do-not-sell privacy requests. Some could be violating current law or be unprepared for upcoming legal changes.

”GPC is a way users can universally express, to all sites, their preference not to be tracked on the web. It is a browser-level signal, maintained either by a browser or browser extension, that a user or privacy-focused technology can set. The easiest way to think of GPC is as a robot that selects the Do Not Sell preference on a site on behalf of a user.”

2023 Volume of Do-Not-Sell Requests per 1M Identities

DNS per million identities cahrt

UOOMs automate requests under California’s “Do Not Sell Or Share My Personal Information” rules and similar laws. Such requests are rising and will likely increase significantly as new laws take effect.