CCPA § 1798.135(a)(1) mandates that businesses that sell or share PI place a "Do Not Sell or Share My Personal Information" link — the statute specifies this exact text — conspicuously in the website footer, accessible on every page. A link only on the marketing homepage that disappears once users enter the authenticated app is non-compliant. Missing the exact statutory text (using "Privacy Choices" alone, for example) is also non-compliant. The footer link is often the first thing a CPPA investigator checks; its absence is a clear-cut violation requiring no further investigation to establish.
High because the footer link is an explicit statutory requirement under CCPA § 1798.135(a)(1) — its absence is a standalone violation regardless of whether an opt-out mechanism exists elsewhere.
Add the link to your site-wide footer component, not just a marketing layout, so it appears in the authenticated application experience.
// components/layout/SiteFooter.tsx
export function SiteFooter() {
  return (
    <footer className="border-t py-8">
      <div className="container mx-auto flex flex-wrap gap-4 text-sm text-muted-foreground">
        <a href="/privacy">Privacy Policy</a>
        <a href="/terms">Terms of Service</a>
        {/* Required by CCPA § 1798.135(a)(1) if you sell or share PI */}
        <a href="/do-not-sell">Do Not Sell or Share My Personal Information</a>
      </div>
    </footer>
  )
}
Import SiteFooter in your root app/layout.tsx, not just app/(marketing)/layout.tsx. Confirm the link renders on authenticated dashboard pages in addition to public marketing pages. If space is tight, the approved short form is "Do Not Sell or Share" — anything shorter is non-compliant.
ID: ccpa-readiness.privacy-disclosures.do-not-sell-link
Severity: high
What to look for: Inspect the footer component in the application's layout file (layout.tsx, _layout.svelte, app.html, default.vue, +layout.svelte, or equivalent). Look for a link with the exact or near-exact text "Do Not Sell or Share My Personal Information" — CCPA specifies the exact required link text. Check whether the link is visually prominent in the footer alongside other legal links (privacy policy, terms of service). Verify the link is present on all pages (site-wide footer, not just the homepage). Also check mobile layouts — the link must be accessible on mobile. If the site uses an opt-out preference signal service (like OneTrust or TrustArc), verify their "Do Not Sell" link is correctly configured and live. Before evaluating, extract and quote the exact link text and href from the footer component to confirm it matches the CCPA-required wording. Count all instances found and enumerate each.
Pass criteria: A link with the text "Do Not Sell or Share My Personal Information" (or the approved short form "Do Not Sell or Share" if space is limited) is present in the footer on all pages. The link is functional and leads to an operative opt-out mechanism. Threshold: at least 1 visible link with CCPA-required text on every page.
Fail criteria: Link is absent. Link is present but uses incorrect text (e.g., "Privacy Choices" without also having the statutory text). Link exists in footer but is not included on all pages (e.g., only on the homepage). Link leads to a page that only describes the right without providing an actual opt-out.
Skip (N/A) when: Application does not sell or share personal information — document specifically.
Cross-reference: The opt-out-mechanism-functional check in Opt-Out Mechanisms verifies the page this link navigates to actually works.
Detail on fail: Example: "No 'Do Not Sell or Share' link found in footer component (app/layout.tsx). Footer only contains Privacy Policy and Terms links." or "Link present on homepage footer but not rendered in app dashboard layout — consumers using the app have no visible link."
Remediation: Add the required link to the site-wide footer component:
// components/layout/SiteFooter.tsx
export function SiteFooter() {
  return (
    <footer className="border-t py-8">
      <div className="container mx-auto flex flex-wrap gap-4 text-sm text-muted-foreground">
        <a href="/privacy">Privacy Policy</a>
        <a href="/terms">Terms of Service</a>
        {/* Required by CCPA if you sell or share PI */}
        <a href="/do-not-sell">Do Not Sell or Share My Personal Information</a>
      </div>
      <p className="mt-4 text-xs text-muted-foreground">
        © {new Date().getFullYear()} Example Inc.
      </p>
    </footer>
  )
}
Ensure this footer is imported in your root layout (not just a marketing layout) so it appears in the authenticated application experience as well as on public pages. The link must be present in both contexts.
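The pass and fail criteria above can be automated against rendered HTML captured from both public and authenticated routes. The following is an added example, not part of the original check: the function names, routes and HTML are constructed for illustration, and the regular-expression footer parsing only suits simple server-rendered markup. It does not test whether the target page provides a working opt-out, which the cross-referenced check covers.

```javascript
// Added example: audits rendered HTML per route against the pass/fail criteria above.
// Function names, routes and HTML snippets are constructed for illustration.
const ACCEPTED_TEXT = [
  "Do Not Sell or Share My Personal Information", // statutory text
  "Do Not Sell or Share",                         // short form named on this page
];

// Return every <a> inside <footer> as { text, href }. Regex extraction is an
// assumption that holds for simple markup; use a DOM parser for real pages.
function footerLinks(html) {
  const links = [];
  for (const footer of html.matchAll(/<footer\b[^>]*>([\s\S]*?)<\/footer>/gi)) {
    for (const a of footer[1].matchAll(/<a\b([^>]*)>([\s\S]*?)<\/a>/gi)) {
      const href = (a[1].match(/\bhref\s*=\s*["']([^"']*)["']/i) || [])[1] || "";
      const text = a[2].replace(/<[^>]+>/g, "").replace(/\s+/g, " ").trim();
      links.push({ text, href });
    }
  }
  return links;
}

// pages: { route: renderedHtml }. Quotes the text/href of each matching link
// and fails if any route lacks a footer link with accepted text and a real href.
function auditDoNotSellLink(pages) {
  const results = Object.entries(pages).map(([route, html]) => {
    const matches = footerLinks(html).filter(
      (l) => ACCEPTED_TEXT.includes(l.text) && l.href !== "" && l.href !== "#"
    );
    return { route, pass: matches.length >= 1, matches };
  });
  const failing = results.filter((r) => !r.pass).map((r) => r.route);
  return { pass: failing.length === 0, failing, results };
}

// Constructed sample: the marketing page has the link, the dashboard footer
// omits it, and the settings page uses "Privacy Choices" alone.
const samplePages = {
  "/": '<footer><a href="/privacy">Privacy Policy</a> <a href="/do-not-sell">Do Not Sell or Share\n My Personal Information</a></footer>',
  "/dashboard": '<footer><a href="/privacy">Privacy Policy</a><a href="/terms">Terms of Service</a></footer>',
  "/settings": '<footer><a href="/privacy-choices">Privacy Choices</a></footer>',
};

const report = auditDoNotSellLink(samplePages);
console.log(JSON.stringify(report, null, 2));
```

Feed it HTML fetched with an authenticated session as well as anonymous requests, since the common failure is a footer that exists only in the marketing layout.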