Website Privacy Validation (2/6): Is my “Do Not Sell/Share” link present on all pages?

The California Consumer Privacy Act (CCPA) requires that consumers can opt-out of having their personal information sold or shared by businesses that collect it on their websites. That means that if your site can be visited by California residents, then it is a best practice to have a “Do Not Sell/Share” link accessible from every entry point.

To demonstrate that this is easier said than done, let’s once again look at the website of the global leader in consent management, OneTrust. If there's anyone that should be doing this right, it’s our friends over at OneTrust, so we’ll use them as our example. We previously looked at their website to check for a privacy policy in the first blog post of our Website Privacy Validation series.

If we scroll to the bottom of their site, we can see “Do Not Sell My Personal Information” in the bottom right corner of their footer, illustrating that they're obviously making efforts to be in compliance with certain CCPA guidelines.

 

Website Privacy Validation (2/6): Is my “Do Not Sell/Share” link present on all pages?

Using the ObservePoint platform, we set up a high-level Discovery Audit to scan 1000 pages of OneTrust’s public website. (Because they’re great at privacy compliance, a shallower audit of their site resulted in no issues, so we had to dig a little deeper to find anything we could discuss!)

An ObservePoint custom tag can be configured to look for specific words or links on any webpage. This can be done through employing "On-Page Actions" within the configuration settings of any ObservePoint Audit. We set it up here to look for the words “Do Not Sell My Personal Information" on all scanned OneTrust pages.

 

Website Privacy Validation (2/6): Is my “Do Not Sell/Share” link present on all pages?

The results of this specific check can then be seen in the Variable Inventory report, under the tag name "ObservePoint Data."

Website Privacy Validation (2/6): Is my “Do Not Sell/Share” link present on all pages?

If you dive in and look at the results therein, you will see the breakdown of what we found. In this Audit of OneTrust.com, we see that 923 pages have the “Do Not Sell My Personal Information” link (using that specific syntax). Awesome! However, that means that over 7% of the pages we audited do not have that specific string present and therefore may be falling short of the desired standard.

Website Privacy Validation (2/6): Is my “Do Not Sell/Share” link present on all pages?

Now this link should probably be included in a global footer and thus available on every page on which the footer is present. So either that global footer isn't on every page, or it's been dynamically changed on certain pages for some reason. In this specific Audit, we found instances of a couple different (older?) footers on some pages that do not include a “Do Not Sell/Share” link, as well as a number of links to pages without any footer at all.

Ultimately, if even a leader in consent management and data privacy like OneTrust has a small percentage of pages missing the “Do Not Sell/Share” link, how do you think most other brands and websites are doing? This is why auditing your “Do Not Sell/Share” link presence is the second on our list of things to regularly do — after checking for the privacy policy — to ensure your website is complying with privacy regulations.

If you’d like to see how your own website fares in delivering consistent coverage of your “Do Not Sell/Share” links, reach out about getting started.

Read the next post in our Website Validation Series: Is my cookie consent banner tag present on all pages?

Related Posts

Sports Organization Establishes Reporting & Analytics Reliability

A professional organization with a massive tech stack and an impending site migration used ObservePoint to get legacy tech under control and establish automatic Audits for ongoing checks on site health and cleanliness.
Read More

A Guide to Continuously Monitoring Your Consent Management

We’ve taken highlights from an IAPP webinar with OneTrust and ObservePoint to give you a framework for organizing consent management validation: how often you should audit, what to look for, and how to remediate issues.
Read More

How to Remediate Issues Found in ObservePoint

Steps to take when your ObservePoint Audit finds common issues with your website.
Read More

Beyond Setup: Key Steps to Continuous Compliance in Consent Management

Learn why "set it and forget it" is a risky approach and how continuous monitoring can safeguard your compliance efforts.
Read More

ObservePoint and AI: Using AI to help you innovate with ObservePoint

In this episode, we cover how generative AI solutions like ChatGPT and Google Gemini can be combined with ObservePoint to unlock powerful, new insights with minimal effort or technical knowledge.
Read More

Top News from IAPP Global Privacy Summit 2024

We’re excited to share insights gathered at the International Association of Privacy Professionals (IAPP) Global Privacy Summit this April 3-4 in DC.
Read More

Sports Organization Establishes Reporting & Analytics Reliability

A professional organization with a massive tech stack and an impending site migration used ObservePoint to get legacy tech under control and establish automatic Audits for ongoing checks on site health and cleanliness.
Read More

A Guide to Continuously Monitoring Your Consent Management

We’ve taken highlights from an IAPP webinar with OneTrust and ObservePoint to give you a framework for organizing consent management validation: how often you should audit, what to look for, and how to remediate issues.
Read More

How to Remediate Issues Found in ObservePoint

Steps to take when your ObservePoint Audit finds common issues with your website.
Read More

Beyond Setup: Key Steps to Continuous Compliance in Consent Management

Learn why "set it and forget it" is a risky approach and how continuous monitoring can safeguard your compliance efforts.
Read More

ObservePoint and AI: Using AI to help you innovate with ObservePoint

In this episode, we cover how generative AI solutions like ChatGPT and Google Gemini can be combined with ObservePoint to unlock powerful, new insights with minimal effort or technical knowledge.
Read More

Top News from IAPP Global Privacy Summit 2024

We’re excited to share insights gathered at the International Association of Privacy Professionals (IAPP) Global Privacy Summit this April 3-4 in DC.
Read More