How does CPRA Logic work?

CPRA operates primarily on an opt-out model, contrary to the GDPR (opt-in model), that is to say CPRA allows businesses to collect and process personal data until consumers explicitly request them to stop (opt-out), whereas GDPR requires businesses to obtain explicit consent from consumers before collecting and processing their personal data (opt-in). 

The signal Didomi provides about an opt-out/refusal means that you cannot share/sell the data of the user with third-party partners (vendors). For CPRA, you should not share personal information when the user refuses.