Right to object or opt-out of selling of personal information

Current version: 9.1

Applies to



This Privacy Guide provides technical guidance on how your developers can choose to configure your Sitecore product implementation to support you with data privacy compliance. This guide does not provide exhaustive guidance, and should not be construed or used as legal advice about the content, interpretation, or application of any law or regulation. You, the customer, will always be in the best position to assess your own risks, and must seek your own legal counsel to understand the applicability of any law or regulation to your business, including how you process personal information. Your resulting implementation is based entirely on your own configuration choices.

The right to object or opt-out of selling personal information gives Individuals the ability to direct a Business not to sell their personal information to a third party. This provision does not stop a Business from distributing the data within the organization that collected it (even to different business units). It also does not stop all transfers to third parties as businesses can continue to provide personal information to their Service Providers pursuant to a written contract that meets the law’s requirements. Further, they can continue to provide data that does not meet the definition of personal information. Businesses must wait at least 12 months before asking consumers to opt back in.

Sitecore XP is a framework that lets you build websites using any front-end technologies that fulfill your requirements. Using the desired web technology and the Sitecore Content Editor, you can define and manage privacy policies, as content, and present these to the end customer as part of your solution. Sitecore recommends capturing and storing your end-customer’s affirmative action and consent choices in the xDB. This action can be stored as a facet on the end-customer’s contact record in xDB. Once stored in xDB, it is possible to display the contact’s information in the Sitecore® Experience Profile™.


To protect the confidentiality, integrity, and availability of personal information, Sitecore Content Hub takes important security measures associated with user activity monitoring (UAM). UAM is the monitoring and recording of user actions. UAM captures user actions and is recorded in User logs. The User logs document all activities by users. The User logs match up with a playback of concurrent actions or events of all the users.

Do you have some feedback for us?

If you have suggestions for improving this article,