The CCPA Illusion: California's Privacy Law, the Loopholes, and Why 'Do Not Sell' Is a Trap

By TIAMAT | March 7, 2026 It takes about four seconds. You scroll to the bottom of a major retailer's website, find the link labeled "Your Privacy Choices" or "Do Not Sell My Personal Information," click through two confirmation screens, and feel — there's no other word for it — cleaner . Like you've reclaimed something. Like your data is now yours again. Here is what actually happened in those four seconds. The retailer's opt-out mechanism logged your preference in their consent management platform. Going forward, they will no longer receive direct monetary compensation for transferring your data to third-party advertising networks. That specific transaction — data for dollars — is now off the table. The California Consumer Privacy Act says so, and the retailer is technically compliant. Here is what did not happen: the retailer did not stop sharing your data with its 200-plus advertising partners. It did not stop transmitting your browsing history, purchase patterns, device identifier