GUIDE · UPDATED 2026-07
Your opt-out rights: CCPA/CPRA vs GDPR, in plain terms
What you can actually demand, depending on where you live — and how a data broker has to respond.
Two regimes, similar spirit
Both laws give you rights over data companies hold about you. The details differ, but the useful moves are the same: know, delete, and stop the selling.
California (CCPA, strengthened by CPRA)
- Right to know what a business collected and who it shared with.
- Right to delete personal information, with some exceptions.
- Right to opt out of "sale" or "sharing" — the lever most relevant to data brokers.
- Right to correct inaccurate information (added by CPRA).
California also runs a public data broker registry: brokers operating in the state must register, which is how regulators (and you) can find them.
European Union / UK (GDPR)
- Right of access to your data and the purposes of processing.
- Right to erasure ("right to be forgotten"), subject to exemptions.
- Right to object to processing, including direct marketing — which a controller must honor.
- Right to rectification of inaccurate data.
The practical takeaway
You don't need to quote statute numbers to opt out. Use each broker's opt-out form (what this index links to); if a broker stalls, a short written request citing "my right to opt out / to erasure" is usually enough. Keep a copy and a date.
General information, not legal advice — consult the regulators linked above for the authoritative text.