Request to Opt-Out

When a consumer submits a Request to Opt-Out, Polaris performs several actions on your organization's behalf. This document provides a high-level summary of those actions.

Submitting an Opt-Out Request

A consumer can submit a Request to Opt-Out in one of two ways:

  1. Manually from the Privacy Center, or
  2. Automatically via a browser-based Global Privacy Control (GPC) signal

Manually from the Privacy Center

When a consumer visits your Do Not Sell or Share My Personal Information page and clicks the "Submit Opt-Out Request" button, our opt-out tool will opt them out of certain third-party tracking on your site.

To do this, our opt-out tool sets a cookie in the visitor's browser. This cookie instructs our Polaris Consent Management Platform (CMP) to indicate to third parties that respect the US Privacy signal to stop tracking the user while they're using that device and browser.


Automatically via Global Privacy Control

Global Privacy Control is a globally recognized standard for consumers to automatically convey their data collection preferences. Under the CCPA, covered businesses must honor user-enabled global privacy control signals, like the GPC, as a valid consumer request to stop the sale of personal information.

When the GPC signal is detected by the Polaris Consent Management Platform, our opt-out tool will treat it as a valid Request to Opt-Out and automatically perform the same sequence of actions as if the consumer manually submitted the request as outlined above.

Opt-Outs and Third Party Measurement

When using the Polaris CMP on your website, the following mechanisms are used to communicate a consumer's opt-out preference to third parties:

  • The US Privacy signal is reflected to third party scripts by implementing the standard US Privacy API
  • We also reflect the consumer's opt-out preference with the Global Privacy Platform API, the successor to the US Privacy API
  • Our opt-out tool incorporates custom solutions for Facebook Ads (which does not respect the US Privacy String) and for Google Analytics (which requires a separate signal to turn off tracking). These solutions are performed with a real-time request to the supported services, like Google Analytics, to turn activity tracking off for that specific consumer. We send a Limited Data Use (LDU) preference for the Meta (Facebook) Pixel.

For additional control over scripts that run after a consumer opts out, you can configure your website's scripts in Google Tag Manager to be blocked from loading if a consumer has opted out.

Request Processing

If your organization does not manually "Sell" or "Share" personal information, our opt-out tool will first create a request, perform the actions outlined above, and then automatically close the request. You will not need to perform any manual actions. 

If your organization manually "Sells" or "Shares" personal information, our opt-out tool will first create a request, perform the actions outlined above, but leave the request in the Open state so your team can follow Polaris' guidance to complete the manual steps. You will also receive a "New Request" notification email.

Requests that are submitted via browser opt-out signals (GPC) will automatically close, since these automatic opt-outs do not contain the requisite consumer information to perform manual opt-out steps.

Record-keeping Requirements

All Requests to Opt-Out, regardless of submission method, will be assigned a Request ID and will be logged in Polaris per CCPA's record-keeping requirements. These Request Records will be maintained for the legally required minimum of 24 months. Automatically processed requests can be found in your Closed tab as well as in the Record Lookup.