What is GPC and DNT?

In an era marked by the constant evolution of privacy regulations, the expectations of millions of internet users regarding their online privacy are continually growing. To meet these expectations, companies are now faced with the pressing need to implement robust privacy management mechanisms, such as GPC (Global Privacy Control) and consent management for GPC privacy compliance. GPC, short for Global Privacy Control, serves as a powerful tool that allows users to assert their privacy preferences seamlessly, enabling them to communicate their consent choices and exercise greater control over how their data is handled by businesses. Consent management for GPC ensures that companies can effectively interpret and adhere to these preferences, aligning their data practices with the evolving standards of online privacy protection.

Global Privacy Control (GPC) is designed to allow Internet users to notify businesses of their privacy preferences, such as whether they want their personal information to be sold or shared. It consists of a setting or extension in the user’s browser or mobile device and acts as a mechanism that websites can use to indicate they support the specification.

GPC is being developed by a broad coalition of stakeholders: technologists, web publishers, technology companies, browser vendors, extension developers, academics, and civil rights organizations.

GPC provides consumers and businesses with clear expectations and guidelines for the sharing and sale of data online. It permits users to easily and clearly exercise their privacy rights, facilitates greater trust between businesses and their customers, and fosters certainty for businesses and advertisers by relying on an open standard.

Views of California Attorney General (AG) on GPC

When considering whether DNT was sufficient under the CCPA, the AG specifically determined that a new type of privacy signal would benefit users and businesses. The regulation is “intended to support innovation for privacy services that facilitate the exercise of consumer rights in furtherance of the CCPA.” 

GPC cookies respond to this call for innovation by providing a mechanism for privacy signaling applicable to current laws, technologies, and business practices. The Attorney General has stated that he believes GPC is “a technical standard that would make it easier for consumers to stop the sale of their personal information’ and that he is ‘heartened to see a wave of innovation in this space”. 

On the website of State of California Department of Justice, it was clarified “GPC must be honored by covered businesses as a valid consumer request to stop the sale of personal information.”

On August 24, 2022, California Attorney General Rob Bonta announced a settlement with Sephora, Inc. that included a fine of $1.2 million for alleged violations of the California Consumer Privacy Act (CCPA). The Complaint which was filed against Sephora alleged that it failed to comply with Global Privacy Signal.

How can you use GPC to signal your privacy preferences to websites?

GPC is available for an increasing number of browsers and browser extensions. If you want to use GPC, you can download and enable it via a participating browser or browser extension. More information about downloading GPC is available here.

Brave Privacy Browser, DuckDuckGo Privacy Browser, Firefox, etc. are some of the participating browsers for GPC.