How to Enable Global Privacy Control

Announced in 2020, the Global Privacy Control (“GPC”) is a standard that web browsers and websites can use to simplify the making and handling of user privacy requests – particularly requests like “Do Not Sell” (do not sell my data to third parties without my consent).

Consumer requests to opt out of data collection and the sale of personal information have been made possible due to privacy laws like the California Consumer Privacy Act (CCPA) and Europe’s General Data Protection Regulation (GDPR). Still, consumers lacked the tools and standards to invoke their newly won privacy rights.

Now, rather than having to click on individual links across many websites (opt-in checkboxes, cookie banners, etc.), internet users can invoke their privacy settings in one step via the “Global Privacy Control” (GPC).

GPC is required under the California Consumer Protection Act (CCPA). Europe similarly empowers citizens to object to third-party processing under the General Data Protection Regulation (GDPR).

In 2022, several major publishers and consent management platforms (CMP) adopted the GPC, including The New York Times and the Washington Post.

What Is Global Privacy Control? 

Global Privacy Control (GPC) is a privacy signal sent to websites and online services. It communicates a user’s privacy preferences (like cookie consent or the restriction of third-party cookies) regarding how their data is tracked and shared online. 

It’s meant to streamline the process, making it easier for people to exercise their privacy rights, especially under the General Data Protection Regulation (GDPR) in the European Union and US state regulations like the California Consumer Privacy Act (CCPA).

What Is Web Tracking?

“Tracking” refers to the many different methods websites, advertisers, ad networks, and others use to learn about your browsing behavior. 

This includes information about what sites you visit and for how long, things you like, dislike, and comment on, what you search for, and what you buy. 

They then share this consumer data across the web to show you ads, products, or services specifically targeted to you.

Here’s an example: After you search for “Texas barbeque” in Google, you start seeing ads for Dallas restaurants and Lone Star State barbeque contests on all the pages you visit. Your search tells the advertising networks that you’re at least somewhat interested in Texas barbecue, and now they’ll follow you around the web, throwing related ads at you.

In the past, people could use the “Do Not Track,” or DNT for short, browser control to let sites know they don’t want to be tracked. 

What Happened to “Do Not Track”?

Originally proposed in 2009, the DNT project was disbanded in 2019 due to insufficient adoption and support. DNT failed because sites rarely honored users’ opt-out preference signals. Nor did they have to—DNT was optional. 

Will Global Privacy Control Suffer the Same Fate As DNT?

Experts think that the GPC technical specification might succeed where DNT failed. This is for one core reason: enforcement. 

GPC is legally enforceable under data privacy legislation like the CCPA and California Privacy Rights Act (CPRA), which amends the former. 

Other US privacy laws that respect universal opt-out mechanisms, such as the GPC, include the Colorado Privacy Act and the Connecticut Data Privacy Act.

In 2022, the California Attorney General concluded that the beauty product retailer Sephora took no steps to block sharing user personal information even when GPC opt-out requests were made, thus violating CCPA regulations. The brand ultimately received a $1.2 million fine for breaking California’s privacy law.

The Interactive Advertising Bureau has created a privacy compliance framework called the Multi-State Privacy Agreement to help companies adhere to privacy regulations and user-enabled GPC signals.

In the future, it is not unlikely that other state laws, such as the Virginia Consumer Data Protection Act, will also require businesses to respond to the GPC signal.

How Does Global Privacy Control Work?

Global Privacy Control lets users opt out of the sale and tracking of personal data at the browser level.

For this to happen, individuals need to use a supported browser or extension and turn on the GPC signal.

Sites that support GPC will register the consent and not collect any data about that specific user. 

This is in direct contrast to most opt-out consent management frameworks, where users’ information is collected even before they can opt out. 

How to Add Global Privacy Control to Your Browser

Implementing GPC is simple. As a consumer, you can enable Global Privacy Control by installing a supported browser or browser extension such as:

• Brave Privacy Browser
• Disconnect
• DuckDuckGo Privacy Browser
• Mozilla’s Firefox
• OptMeowt by privacy-tech-lab
• Privacy Badger
• Global Privacy Control (GPC) Inspector (Chrome extension).

What’s Next for Global Privacy Control

The launch of GPC is a meaningful step in changing how the industry accepts and handles privacy requests, ensuring consumers have more control over what is done with their private data. 

As more users assert their rights using Global Privacy Control tools and more websites adopt the standard handling these requests, pressure will increase on other websites to adopt the GPC standard.

Currently, the Global Privacy Control signal is intended to communicate two privacy preferences – a specific Do Not Sell request, as protected by the CCPA, and a general request to limit the sale of data, as protected by GDPR. However, with time, the GPC signal may evolve to communicate additional rights in other jurisdictions.

Who Else Is Tracking You?

Even after you enable GPC, data brokers will still track you. These companies collect your personal data from online and offline sources like social media and public records, compile this data into a detailed profile about your life, and then sell it to whoever wants to buy them.

Want to learn more about data brokers? Read our ultimate guide.

Then, follow our opt-out guides to remove your name from these databases (or let us do it for you).