The way it works is simple for consumers: they visit the national “Do Not Sell My Personal Data” registry website, put in their email address, and get a verification email in their inbox (note other personal identifiers could be added). For data brokers who sell personal data, they must register with the agency in charge of registry (e.g. the FTC) and are given an Application Programming Interface (API) that makes requests to the registry. Then whenever a data broker is about to sell personal data, the broker must first use the API to determine if there any identifier matches (e.g. email addresses) in the database of personal information they plan to sell. Any flagged matches and corresponding records cannot be sold. Compliance can easily be checked by adding to the registry “honeypot data” to sniff out violations.
Proposal for a Do Not Sell My Personal Data registry by Tom Kemp on Medium