Under the CCPA/CPRA, cross-context behavioral advertising means showing a person ads based on data collected as they move across different, unaffiliated sites and services over time, rather than within a single first-party context. Because it relies on sharing personal information for behavioral targeting, it triggers the consumer's right to opt out of the 'sale' and 'sharing' of their data.
To comply, sites must honour opt-out signals — including the Global Privacy Control (GPC) — and stop sharing data for targeted advertising once a consumer opts out. Several other US state laws (Virginia VCDPA, Colorado CPA, Connecticut CTDPA and more) use similar 'targeted advertising' definitions. ConsentX detects the trackers behind cross-context advertising, honours GPC automatically, and keeps tamper-evident opt-out records.
In ConsentX
Related terms
The CCPA, expanded by the CPRA, is California's privacy law giving consumers the right to opt out of the sale or sharing of their personal data and to access and delete it.
Global Privacy Control (GPC) is a browser signal that tells websites a user wants to opt out of the sale or sharing of their personal data, and several US state laws treat it as a legally binding opt-out.
Cookie consent is the user's permission to set non-essential cookies and trackers, which most privacy laws require you to obtain before those cookies load.
Legitimate interest is a lawful basis under the GDPR for processing personal data without consent when the organisation's interest is not overridden by the individual's rights, established through a balancing test.