It's a common practice among online businesses to sell or “share” website users' personal information. Asking websites or apps not to sell or share your personal information needs searching through each company website for a “Do not sell my data” button and then submitting this request to the company. California consumers have some protection for their data under the California Consumer Privacy Act (CCPA), while if you live elsewhere, companies are not obliged not to sell your data. Global Privacy Control is an initiative to solve the problem and lays down the groundwork for easier management of personal data.
CookieScript already supports the GPC signal through the Consent Management Platform. The websites can automatically accept the user’s GPC signal choices, so if you activate it, your website users will have all the benefits the GPC provides.
What is the Global Privacy Control?
Global privacy control (GPC) is a browser setting that notifies website owners of users' privacy preferences regarding selling or sharing their personal information. GPC is an initiative to create a global technical specification that permits website users to control their privacy. GPC enables website users to inform about their privacy preferences for all websites at once without manually setting their preferences for each website.
The main purpose of the GPC is to inform websites not to sell or share user personal data. This is different from other privacy laws that can limit user tracking but could still allow the selling or sharing of user data with third parties.
This universal privacy control initiative is being pushed by a coalition of stakeholders including technology companies, browsers, web publishers, and civil rights organizations. The privacy standard is respected by leading news websites in the USA such as The New York Times and Financial Times.
As of October of 2022, these web browsers support GPC without any plugins:
- Mozilla Firefox
- Brave
- DuckDuckGo
Browser extensions for GPC include Abine, Disconnect, and OptMeowt by privacy-tech-lab, and Privacy Badger by the Electronic Frontier Foundation.
The data sharing that GPC addresses go beyond website browsing. The GPC is expected to cut down on junk mail, calls and faxes. Some are hoping it would stop big data companies like Facebook and Google from using personal data between related websites and companies.
Privacy Compliance and GPC
GPC allows easily respecting California consumer opt-out of sale requests. GPC is an acceptable method of opt-out request under the CCPA for not selling or sharing website users' private data. California Attorney General Rob Bonta informed that under the CCPA, companies are expected to deal with the GPC signal in the same way as with any other do-not-sell request from consumers. The California Attorney General's office writes: “Under the law, it must be honored by covered businesses as a valid consumer request to stop the sale of personal information”. This explanation is important since previously many companies have ignored the GPC signal, making it a not-so-effective tool.
The GPC can also support GPDR compliance since the signal expresses a general request for not selling or sharing personal information with third parties.
How to Enable GPC?
The simplest way to enable the GPC standard is to use web browsers that already have built-in the GPC signal. These browsers include Firefox Nightly, Brave, and DuckDuckGo. Other browsers like Chrome do not support GPC at the moment.
There are also browser plugins for GPC, including Abine, Disconnect, and OptMeowt by privacy-tech-lab, and Privacy Badger by the Electronic Frontier Foundation. These plugins could be used for Chrome, Internet Explorer, and other web browsers to enable GPC.
After downloading a web browser or a plugin with the GPC signal, do not forget to check if the GPC signal really works.
To control the GPC signal, open a new browser tab and go to globalprivacycontrol.org. You should see a green light at the top of the page that says “GPC signal detected.” If you see it, that means GPC is sending out its “Do not sell my data” instructions on your behalf.
CookieScript and the GPC Signal
CookieScript supports the GPC signal through the Consent Management Platform. As a result, the websites can automatically accept the user’s GPC signal choices.
See the guide on how to enable the GPC signal.
In addition, CookieScript is also officially certified by the Interactive Advertising Bureau (IAB) Europe and comes with a full IAB Europe Transparency & Consent Framework (TCF) 2.0 framework integration. IAB TCF 2.0 allows businesses to conduct targeted advertisements and be GDPR compliant at the same time.
So by enabling the GPC signal and IAB TCF 2.0, your website could easily comply with both the CCPA and the GDPR.
Frequently Asked Questions
What is the GPC signal?
Global Privacy Control (GPC) is a browser setting that notifies website owners of users' privacy preferences regarding selling or sharing their personal information. The main purpose of the GPC is to inform websites not to sell or share user personal data. Use CookieScript CMP to actovate the GPC signal.
How to enable GPC?
To enable Global Privacy Control (GPC), use web browsers that already have built-in the GPC signal, like Firefox Nightly, Brave, and DuckDuckGo; or download browser plugins for GPC, including Abine, Disconnect, and OptMeowt by privacy-tech-lab, and Privacy Badger by the Electronic Frontier Foundation. To make sure GPC is turned on, check it at https://globalprivacycontrol.org/.
What is a GPC browser?
Global Privacy Control (GPC) is a proposed standard to create a global technical specification that allows users to control their privacy. Firefox Nightly, Brave, and DuckDuckGo browsers have natively built-in the GPC signal, so the users do not need to search through each company website for a “Do not sell my data” button and then submit this request to the company.
What are GPC cookies?
Global Privacy Control (GPC) allows users to notify website owners of their privacy preferences regarding selling or sharing their personal information through their browsers. Once activated, the GPC is sending out its “Do not sell my data” instructions on your behalf every time you visit a new web page, so you do not need to use cookies for each website.