GPC 101: What is Global Privacy Control?
Undoubtedly, you have become accustomed to seeing cookie consent banners as you browse the web. Every time you land on a website you haven’t visited before, you’re greeted with a pop-up informing you that the website uses tracking technologies and providing you with the option to change your preferences.
Have you ever wished that you could control ALL websites at once, instead of having to set your preferences on each website individually?
Until recently, this was just a dream… but now it’s achievable with GPC.
What is Global Privacy Control?
Global Privacy Control (GPC) is a browser signal that is sent to websites, informing the website of a user’s privacy preferences. The browser (or extension) shares that you do not wish the website to share or sell personal data without your consent. This is done automatically: the only action required is to set it up once in your browser or web-browsing mobile app.
“[GPC] provide(s) a key component that’s called for in the California law, which is a simple way for consumers to invoke their right without having to go to each website and find the button.”
– Ashkan Soltani, privacy researcher and leader of the GPC effort
Digital marketers are well aware that websites must respect users’ privacy rights under the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA) and other legislation across the globe. What’s new, however, is that the GPC is a part of this equation. Websites must honor both the consent preferences set manually using a consent management system deployed on-site, but also those set via GPC’s “one and done” browser signal.
GPC is a collaborative effort developed by a broad coalition of stakeholders to help make data privacy rights more accessible and manageable in one centralized way. The GPC was initially spearheaded by Ashkan Soltani Georgetown Law) and Sebastian Zimmeck (Wesleyan University) in collaboration with The New York Times, The Washington Post, Financial Times, Automattic (WordPress.com & Tumblr), Glitch, DuckDuckGo, Brave, Mozilla, Disconnect, Abine, Digital Content Next (DCN), Consumer Reports, and the Electronic Frontier Foundation (EFF).
The full GPC specification can be accessed via Github.
I don’t want my information shared or sold. How do I enable GPC?
It’s easy — you’ll either have to use a GPC enabled browser or add a browser extension. From the GPC website:
GPC is available for an increasing number of browsers and browser extensions, listed here. If you want to use GPC, you can download and enable it via a participating browser or browser extension. More information about downloading GPC is available here.
You can validate if you are currently transmitting a GPC signal by visiting the test page at globalprivacycontrol.org
What does this mean for me as a data privacy or consent management professional?
As mentioned above, especially after the landmark Sephora settlement in California, you’ll have to make sure your web properties acknowledge and honor the GPC signal set by your users. Most Consent Management Platforms (CMPs) currently or plan to support the GPC signal. OneTrust, TrustArc, and WireWheel are all founding organizations of the GPC — customers of these CMPs should be able to update settings so that your website automatically accepts your users’ GPC preferences.
Why is this so important? Because CCPA enforcement is now underway. Not honoring the GPC signal sent by your users means that your organization may be susceptible to fines, and the 30 day grace period to remediate any lapses in compliance expires in January 2023.
“40 million consumers are now using web browsers and other privacy tools that support this global opt out. Major publishers, the New York Times, Washington Post, have already pledged to respect it. California’s Attorney General has already said that companies must respect GPC. This is a big step in Americans privacy, a big, big step forward.”
– Roy Wyden, Senate Finance Chairman, as quoted on globalprivacycontrol.org
This sounds serious, and it is. However there is a real user data monitoring tool available that can help give you peace of mind that your website is in fact honoring a GPC signal sent by your users’ browsers. Contact us for a demo or to learn more.
Online privacy should be accessible to everyone. It starts with a simpler way to exercise your rights. Enable Global…globalprivacycontrol.org
With internet usage at an all-time high, millions of consumers are creating and reinforcing habits and privacy…www.onetrust.com
Following an investigation into the privacy practices of Sephora surrounding its collection, use, and sale of…trustarc.com
Since posting the two Sephora blogs about the compliant from the California Attorney General and their proposed…cunderwood.dev
What do you call a privacy law that only works if users individually opt out of every site or app they want to stop…www.wired.com
Privacy-conscious Internet surfers will soon have an additional weapon on their side. You can’t see it working, but a…www.washingtonpost.com