What is Global Privacy Control? Frequently Asked Questions

January 28, 2021

Global Privacy Control (GPC) wants to make it easier for people to exercise their privacy rights. First introduced in October, GPC announced today a milestone in adoption and the support of major publishers and consent management platforms, including Sourcepoint. Much like the Do Not Track plug-ins of the past, GPC helps users communicate a desire to not be tracked online. More specifically, they are focused on enabling users to opt out of the sale of their personal information at the browser level. 

What is Global Privacy Control?

Global Privacy Control is a technical specification for transmitting universal opt-out signals. The initiative is backed by a consortium of privacy-focused organizations such as the Brave browser and DuckDuckGo, as well as well-known publishers like the New York Times and The Washington Post. For now, the signal is tailored for California’s Consumer Privacy Act (CCPA), which gives Californians the right to opt-out of the sale of their data. But the group behind GPC also has hopes to develop a global standard compatible with other privacy regimes like the EU’s GDPR. 

How does Global Privacy Control work?

To take advantage of the GPC tool, users need to download a browser or extension that supports the signal. Similar to managing an ad-block extension, users can turn on the GPC signal for all websites they visit or each individual website. When visiting a website that supports GPC, that website will automatically register the browser request to Not Sell Info. Here’s what that experience looks like with the Blur extension by Abine. 

There is definite room for improvement, as it currently doesn’t collect identifiable data, which limits the ability to link users to the rest of their data. And websites that don’t support the signal are not yet legally obligated to do so. 

How is Global Privacy Control different from Do Not Track (DNT)? 

Do Not Track was a plug-in offered by major browsers that, when turned on, added a header to browser metadata when initiating a connection with servers. However no servers knew how to interpret the header, nor were they required to, so they often ignored it. With lack of legislative action, it became clear that it would fail. The nail in the coffin was when Apple disabled DNT on Safari because websites could single out its users, making it (ironically) particularly useful for fingerprinting.

The main difference with GPC is that browser-level user-enabled requests could be made legally binding: CCPA final regulations already require all businesses to honor user requests via user-enabled global privacy controls. But the specification won’t be considered legally binding until it is approved by the California attorney general. Plus, how the law is enforced continues to evolve. Enforcement actions are currently the responsibility of the attorney general, but will transition to a dedicated state agency created under CPRA

What’s next for Global Privacy Control?

Their short-term focus is “working with [California Attorney General] Becerra to make GPC legally binding under CCPA. At the same time, [they] are exploring GPC’s applicability and functionality with regard to other similar laws worldwide, such as the GDPR.” Though, with Becerra being tapped to lead Health and Human Services for the Biden Administration, the future of the CCPA and GPC could depend on the priorities of his replacement. The forthcoming creation of a state agency dedicated to privacy rights also means one more stakeholder in the future of user-enabled browser opt-outs. 

Learn more
GPC is an important step towards improving experience for consumers who want to exercise their data rights. If you’re interested in learning more about enabling support for GPC in your CMP implementation, or how to optimize your privacy UX, get in touch.

Latest Blog Posts

What publishers need to know about managing consent on AMP

May 7, 2021

When it comes to privacy and monetization, AMP pages...

Employee Spotlight: André Herculano

April 29, 2021

What is your role at Sourcepoint? I am the...

Apple’s IDFA privacy update: How to optimize user opt-in on iOS 14.5 and beyond

April 15, 2021

Apple first announced in September 2020 that as part...

Latest White Papers

The Future of Content Compensation

September 23, 2019

In this paper we will explore why the most...

Keep in touch

Sign up for our newsletter to keep up with the latest privacy and media news.

Let's explore what we can do together.

We’ll be in touch within 48 hours

    First name *

    Last name *

    Email address *

    Company *

    Message *

    * indicates required fields