66 | 
California Consumer Privacy Act of 2018 (as amended by the
California Privacy Rights Act of 2020) and Related Regulations
(B)  A business that knows of, but does not remedy, circular or broken links, or nonfunctional email addresses, such as
inboxes that are not monitored or have aggressive filters that screen emails from the public, may be in violation of
this regulation.
(C)  Businesses that require the consumer to unnecessarily wait on a webpage as the business processes the request
may be in violation of this regulation.
(b)  A method that does not comply with subsection (a) may be considered a dark pattern. Any agreement obtained through
the use of dark patterns shall not constitute consumer consent. For example, a business that uses dark patterns to obtain
consent from a consumer to sell their personal information shall be in the position of never having obtained the consumer’s
consent to do so.
(c)  A user interface is a dark pattern if the interface has the effect of substantially subverting or impairing user autonomy,
decision making, or choice. A business’s intent in designing the interface is not determinative in whether the user interface
is a dark pattern, but a factor to be considered. If a business did not intend to design the user interface to subvert or impair
user choice, but the business knows of and does not remedy a user interface that has that effect, the user interface may
still be a dark pattern. Similarly, a business’s deliberate ignorance of the effect of its user interface may also weigh in favor
of establishing a dark pattern.
Note: Authority cited: Section 1798.185, Civil Code. Reference: Sections 1798.100, 1798.105, 1798.106, 1798.110, 1798.115,
1798.120, 1798.121, 1798.125, 1798.130, 1798.135, 1798.140 and 1798.185, Civil Code.
Article 2. REQUIRED DISCLOSURES TO CONSUMERS
11 C.C.R. § 7010. Overview of Required Disclosures
(a)  Every business that must comply with the CCPA and these regulations shall provide a privacy policy in accordance with
the CCPA and section 7011.
(b)  A business that controls the collection of a consumer’s personal information from a consumer shall provide a Notice at
Collection in accordance with the CCPA and section 7012.
(c)  Except as set forth in section 7025, subsection (g), A business that sells or shares personal information shall provide a
Notice of Right to Opt-out of Sale/Sharing or the Alternative Opt-out Link in accordance with the CCPA and sections 7013
and 7015.
(d)  A business that uses or discloses a consumer’s sensitive personal information for purposes other than those specified in
section 7027, subsection (m), shall provide a Notice of Right to Limit or the Alternative Opt-out Link in accordance with
the CCPA and sections 7014 and 7015.
(e)  A business that offers a financial incentive or price or service difference shall provide a Notice of Financial Incentive in
accordance with the CCPA and section 7016.
Note: Authority cited: Section 1798.185, Civil Code. Reference: Sections 1798.100, 1798.105, 1798.106, 1798.110, 1798.115,
1798.120, 1798.121, 1798.125, 1798.130 and 1798.135, Civil Code.