GUIDE · UPDATED 2026-07

Your opt-out rights: CCPA/CPRA vs GDPR, in plain terms

What you can actually demand, depending on where you live — and how a data broker has to respond.

Two regimes, similar spirit

Both laws give you rights over data companies hold about you. The details differ, but the useful moves are the same: know, delete, and stop the selling.

California (CCPA, strengthened by CPRA)

  • Right to know what a business collected and who it shared with.
  • Right to delete personal information, with some exceptions.
  • Right to opt out of "sale" or "sharing" — the lever most relevant to data brokers.
  • Right to correct inaccurate information (added by CPRA).

California also runs a public data broker registry: brokers operating in the state must register, which is how regulators (and you) can find them.

European Union / UK (GDPR)

  • Right of access to your data and the purposes of processing.
  • Right to erasure ("right to be forgotten"), subject to exemptions.
  • Right to object to processing, including direct marketing — which a controller must honor.
  • Right to rectification of inaccurate data.

The practical takeaway

You don't need to quote statute numbers to opt out. Use each broker's opt-out form (what this index links to); if a broker stalls, a short written request citing "my right to opt out / to erasure" is usually enough. Keep a copy and a date.

General information, not legal advice — consult the regulators linked above for the authoritative text.

Primary sources