Privacy Options Icon Introduced in Updated CCPA Regulations

March 23, 2021

Updated California Consumer Privacy Act (CCPA) regulations provide businesses a new, optional Privacy Options icon to communicate opt-out options to California residents.

An optional Privacy Options icon on business websites and apps

In a March 15, 2021 press release, California’s Attorney General Xavier Becerra announced new CCPA regulations. The additional regulations support California residents’ right to opt out of the sale of their personal information by preventing websites from making the opt-out process difficult. To facilitate streamlined consumer opt outs, the new regulations offer an optional Privacy Options icon for businesses to use on their websites and apps.

A PNG file of the icon is available on the Office of the Attorney General’s website.

the Privacy Options iconSource

The blue icon was designed and tested in a year-long process by researchers from Carnegie Mellon University’s CyLab and the University of Michigan’s School of Information.

In addition to the phrase, “Do not sell my personal information,“ the icon is designed to help consumers quickly identify information about their privacy choices on a website or app, including the company’s opt-out process. The official regulation states:

(f) Opt-Out Icon. (1) The following opt-out icon may be used in addition to posting the notice of right to opt out, but not in lieu of any requirement to post the notice of right to opt-out or a “Do Not Sell My Personal Information” link as required by Civil Code section 1798.135 and these regulations. Page 3 of 5 (2) The icon shall be approximately the same size as any other icons used by the business on its webpage.

The software solutions businesses use to manage privacy obligations

For businesses that need help with crafting their privacy policies in compliance with CCPA and other data privacy laws, privacy policy generator software is available to assist. Privacy policy generator software helps companies generate and maintain privacy policies that are compliant with regulatory standards, such as the EU’s General Data Protection Regulation (GDPR), CCPA, and other jurisdictional requirements. 

To honor a user’s consent choices, businesses often employ consent management platform (CMP) software to legally document and manage a user’s consent choices prior to collecting, sharing, or selling user data from online sources such as websites and apps that use cookies, embedded videos, and other tracking technologies.

Businesses also use data subject access request (DSAR) software to process a consumer’s request to access, port, or delete the data a company holds on them. DSAR solutions ensure requests are fulfilled within the mandated response timeframes, provide workflows to help employees across an organization collaborate on locating consumer data, and ultimately provide the data to the requesting user.

Software for comprehensive privacy program management

For more comprehensive privacy program management, businesses may opt to use data privacy management software.

These tools include a centralized dashboard and have modules related to consumer request management, sensitive data discovery, and data mapping. Many data privacy management software also have additional functionalities of identity verification software, privacy impact assessment (PIA) software, privacy policy generation tools, cookie and website tracking compliance, and data breach notification functions.

G2 scores products and sellers based on reviews gathered from our user community, as well as data aggregated from online sources and social networks, and presents these rankings on our G2 Grid. The G2 Grid shows up-to-date, live rankings for data privacy management solutions based on user reviews. 


Further information on the methodology for G2’s Grid rankings, is available on the G2’s scoring methodology page.

Data privacy software specific for GDPR, CCPA, or LGPD 

Products in G2’s Data Privacy Management software category often specialize in the specific country or region-specific data privacy regulation it supports, such as the EU’s GDPR, the CCPA, Brazil’s Lei Geral de Proteção de Dados Pessoais (LGPD), and others. At present, the site hosts 10 products specifically designed for LGPD, 26 products for CCPA, and 52 products for GDPR.

On the Data Privacy Management software page on, users can filter software solutions that will meet the specific regulation they seek to comply with.

Filters on G2's Data Privacy Management Software page

Data Privacy Management Software ➜

Disclaimer: I am not a lawyer and am not offering legal advice. If you have legal questions, consult a licensed attorney.

Privacy Options Icon Introduced in Updated CCPA Regulations New CCPA regulations let businesses use a standard Privacy Options icon on their website and apps to communicate opt-out options to California residents.
Merry Marwig, CIPP/US Merry Marwig is a senior research analyst at G2 focused on the privacy and data security software markets. Using G2’s dynamic research based on unbiased user reviews, Merry helps companies best understand what privacy and security products and services are available to protect their core businesses, their data, their people, and ultimately their customers, brand, and reputation. Merry's coverage areas include: data privacy platforms, data subject access requests (DSAR), identity verification, identity and access management, multi-factor authentication, risk-based authentication, confidentiality software, data security, email security, and more.