Skip to main content

Opt Out Requests

CPRA gives data subjects the Right to Opt-Out of the Sale of their Personal Information to third parties. DataGrail customers have the ability to handle Opt Out Requests through an intake form, verify those requests, and maintain a record log for compliance.

To take action on an Opt Out Request, DataGrail offers integrations with common third-party systems and with your bespoke systems through Internal Systems Integrations.

We additionally set a cookie for users who submit requests through the public Privacy Request Center, which can be utilized to suppress relevant scripts and trackers on your website.

DataGrail User Roles

Only the following User Roles will have access to the Opt Out Requests tab:

  • Super Admin
  • Request Admin
  • Request Approver
  • Request Agent

Intake Methods

DataGrail provides three methods to submit Opt Out Requests:

Privacy Request Center

If a Privacy Request Policy for a given location includes the Opt Out right, it will be displayed to Data Subjects on the DataGrail Privacy Request Center.

Privacy Request Center

Once the form is submitted, DataGrail will immediately set a cookie in the Data Subject's browser (regardless of verification status), which can be used to opt the user out of tracking scripts/pixels on your website.

API

DataGrail's V2 API supports the creation and management of Opt Out Requests.

Manual Intake

Requests can also be created manually within the Opt Out Requests tab in DataGrail by selecting Add Request.

Opt Out Cookie

The ccpa_dnsmpi cannot be set on Opt Out requests created manually through the DataGrail app.

Processing Opt Out Requests

The Opt Out Requests page provides an overview of all Opt Outs submitted to your organization. DataGrail provides filters for Verification Status, Request Status, and Location to allow your team to manage requests effectively.

Opt Out Details View

The lifecycle of an Opt Out Request depends on whether you are using any supported integrations.

Supported Integrations

The following integrations are available for use on Opt Out Requests:

If you are utilizing supported integrations, the Opt Out Request lifecycle will be as follows:

  1. The Opt Out Request is submitted and will be in the Not Started state until the Data Subject verifies their email. Opt Out Requests will not automatically be closed if the Data Subject does not verify.
  2. Once the Data Subject has verified their email or if email verification is disabled, the request will move to the In Progress status, which will initiate supported integrations.
  3. Once all integrations are complete, the request will move to Complete or will require a DataGrail User to select Mark as Complete, depending on your Automation Settings.

If you are not utilizing integrations, the Opt Out Request lifecycle will be as follows:

  1. The Opt Out Request is submitted and will be in the Not Started state until the Data Subject verifies their email. Opt Out Requests will not automatically be closed if the Data Subject does not verify.
  2. Once the Data Subject has verified their email or if email verification is disabled, the request will move to the In Progress status.
  3. Your organization should now complete any manual Opt Out processes for the Data Subject, if you have them.
  4. To close the request, a DataGrail User must select Mark as Complete, which will move it to the Completed state.
Denying & Extending Opt Out Requests

An Opt Out Request can be denied at any time by selecting the request, clicking the eclipses, and selecting Deny Request.

An Opt Out Request can be extended by 45 days (once) by selecting the request (directly or through the Opt Out Requests list) and then selecting Request Deadline Extension.

Automation Settings

DataGrail allows the Opt Out workflow to be customized in the Automation tab of the Settings page.

Once a Do Not Sell or Share request has been completed

OptionDescription
Send the Do Not Sell or Share confirmation emailConfirmation email sent to the requestor. The confirmation email template can be updated.
Do not send the Do Not Sell or Share confirmation emailNo confirmation email is sent.

Once a Do Not Sell or Share request is submitted

OptionDescription
Send a verification emailRequest will start processing after the requestor has verified their email.
Don't send a verification emailVerification will be skipped, and the request will automatically start processing.

When all integrations have finished processing a Do Not Sell or Share request

OptionDescription
Automatically mark the request completeRequest status updated to Complete. No further action required.
Manually mark the request completeYou will need to manually update the request status.

Blocking Scripts Using DataGrail Cookies

Immediately after submitting an Opt Out Request through the Privacy Request Center (regardless of verification status), DataGrail sets a ccpa_dnsmpi cookie (10 year lifetime) in the user's browser, which can be used by your organization to opt the user out of tracking on your website.

Google Tag Manager Configuration

DataGrail's ccpa_dnsmpi cookie can be utilized with Google Tag Manager to seamlessly opt out users of tracking scripts and pixels deployed on your website.

Create a Variable

  1. Log in to https://tagmanager.google.com/ and select the appropriate Container.
  2. Select Variables from the left hand menu and select New under User-Defined Variables.
  3. Open the Variable Configuration nd select 1st Party Cookie from the menu.

1st Party Cookie

  1. Enter ccpa_dnsmpi as the name for the cookie and the variable, and select Save.

Create a Trigger

  1. Select Triggers from the left hand menu and then New.

New Trigger

  1. Open Trigger Configuration and select Page View or DOM Ready and select Page View or DOM Ready, based on the triggers your organization utilizes. If you utilize both, then you will create two triggers.
  2. Select Some Page Views and set the event condition: ccpa_dnsmpi, does not equal, and true.

Event Variable

  1. Enter in an applicable name (e.g. Page View - No Opt-Out) and select Save.

Update Tags

  1. Select Tags from the left hand menu, and select a tag you have identified as implicated in data sales.
  2. Select the Triggering section and remove the current trigger.
  3. Select Triggering again and select the trigger you created previously.

Trigger

  1. Select Save.

  2. Repeat steps 1-4 for all applicable tags. Ensure you are utilizing the correct trigger, if you utilize both Page View and DOM Ready triggers for tags.

Publish Changes

  1. Once all changes are complete, select Submit in the top right.
  2. Provide a Version name and Description and select Publish in the top right.

 

Need help?
If you have any questions, please reach out to your dedicated Account Manager or contact us at support@datagrail.io.

Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.