Global Privacy Control (GPC) is a method that allows digital consumers to opt out of allowing companies to track their online behavior or sell or share their personal information. It takes the place of Do Not Track requests, which the California Attorney General has been unable to legally require businesses to comply with due to the ambiguous nature of the requests.

In this article you will learn what GPC is and how it works, why it is important, what happens if your business is not GPC compliant, and steps you can take to ensure GPC compliance.

How Does Global Privacy Control (GPC) Work?

GPC functions as a setting or extension that users can adjust on their browser or mobile device to communicate their privacy preferences to the websites they visit. GPC browser extensions can protect users from being tracked by the websites they visit, and keep websites from selling or sharing users' personal information.

GPC is a way for users to signify their privacy preferences when browsing the internet. When activated, GPC sends a signal to the websites that users visit, letting each site know how users would like their personal information to be handled.

Websites that are GPC compliant can automatically respond to users' GPC signals and treat their personal information appropriately.

GPC is an improvement on existing methods for consumers to limit companies' use of their personal information, such as ticking a box, writing a request, or otherwise manually opting out of the collection of information at each individual website.

With GPC, users can signify their privacy preferences across the board via settings on their browser or through the use of a browser extension.

Privacy Badger is a browser extension that sends GPC signals to any website that users visit, and blocks any websites that don't respect the signal's requests:

Microsoft Edge Add-ons: Privacy Badger description

The GPC signal can either function as a default setting, or users can be presented with the option of turning the signal on manually.

Some browsers automatically enable GPC as their default setting. The internet search engine DuckDuckGo enables GPC by default in all of its mobile apps and desktop extensions:

DuckDuckGo GPC Page with setting by default section highlighted

The web browser Firefox provides users with the option to manually enable GPC on both its general release version (Firefox 95) and Firefox Nightly, and details the steps users can take to turn the specification on:

Mozilla Implementing GPC: Firefox Nightly instructions

GPC is versatile and will apply across a variety of browsers, which will help streamline the exercising of privacy rights and help put more control in the hands of users.

Why is Global Privacy Control (GPC) Important?

GPC is important because it gives consumers the opportunity to exercise their privacy rights with simplicity and ease, helps to build trust between consumers and businesses, and can help businesses to comply with privacy legislation.

GPC Helps Consumers to Exercise Privacy Rights

Global and local privacy laws are evolving to protect consumers' privacy rights by putting restrictions on how businesses collect and use consumers' personal information. GPC helps consumers to exercise their privacy rights by disabling third party tracking, selling, and sharing of their personal information.

GPC makes communicating privacy preferences simple. All consumers need to do to protect their personal information is enable GPC on their browser or download a browser extension that helps to keep their information secure while using the internet.

GPC Helps to Build Trust Between Businesses and Consumers

Businesses that incorporate GPC code into their websites and apps show that they respect their consumers' privacy rights and are taking preemptive action to keep their consumers' data secure.

According to Adobe's Future of Marketing Research report, people are more likely to continue to do business with and recommend companies that they trust to keep their personal information safe.

GPC Helps Businesses to Comply With Privacy Legislation

GPC is designed to support existing privacy laws and can help businesses to meet legal requirements set by privacy regulations such as the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR).

The text of Global Privacy Control Proposal 27 outlines how the GPC signal can be used to communicate "Do Not Sell" requests in order to comply with the CCPA, as well as give consumers control over their personal data as required by the GDPR.

Global Privacy Control Proposal 27 Section 5: Legal Effects

What is the CCPA?

The CCPA is privacy legislation that was passed in 2018 in California with the objective of giving consumers the ability to control what personal information organizations collect from them and how organizations are allowed to use that information.

The CCPA was the first law of its kind passed in the United States, but numerous other states have followed suit since it went into effect in 2020. It's a good idea for businesses to pay attention to CCPA requirements, as this law has laid the foundation for other state privacy laws.

The CCPA was designed to protect California consumers and applies to any businesses that collect or process personal information from residents of California. That means that a business does not have to be located in California in order to be legally bound by the CCPA.

The CCPA requires that entities that collect or process personal information from California consumers maintain a comprehensive Privacy Policy, inform consumers of their rights concerning their personal information, keep the personal information they collect secure, and give consumers the choice to opt out of the sale of their personal information.

The California Attorney General requires that businesses provide consumers with at least two methods of opting out of the sharing of their personal information. Making your company's websites and apps GPC compatible can help you to stay in compliance with the CCPA by ensuring that your consumers have an easy way to opt out of the collection and processing of their personal information.

Section 999.315 of the text of the CCPA outlines methods that businesses can use to provide opportunities for users to opt-out of the sharing of their personal data, including "user-enabled global privacy controls."

CCPA Section 999 315: Requests to Opt-Out with Do Not Sell section highlighted

What is the GDPR?

The GDPR is the EU's primary privacy legislation, which was introduced in 2016 to replace the Data Protection Directive. The GDPR was adopted in order to limit how businesses collect and process consumers' personal data.

The GDPR applies to any organization that sells products or services to or tracks the website behavior of European consumers. It has many requirements for businesses, some of which include:

  • Businesses can only collect and process consumers' personal data if the data is essential to the functioning of their business
  • Businesses must get consent from consumers before using their data
  • Businesses must inform consumers as to how the data they collect is used
  • Businesses must inform consumers what their rights are concerning their data

Article 21 of the GDPR states that users have the right to object to having their personal information processed, and can use "automated means using technical specifications" (such as GPC) to exercise that right.

What Happens if You're Not Compliant with Global Privacy Control (GPC)?

GPC is currently in the proposal stage, which means that keeping your company's website, blog, and apps GPC compliant is not yet a legal necessity.

While at the time of writing there are no legal repercussions for not adopting GPC, there are still many good reasons to implement GPC as a part of your business's privacy measures now:

  1. GPC settings are beginning to be looked at more by lawmakers. You can get ahead of potential changes to privacy legislation that may require GPC compliance in the near future by making sure your website and apps support GPC.
  2. The more options you give consumers to take control of their privacy rights, the better you are able to build the kind of trust that creates loyal customers. Providing a GPC option is a great way to show consumers that you care about protecting their personal information.
  3. GPC can be an effective method for ensuring compliance with major privacy laws. GPC can help you to meet certain privacy legislation requirements, including those outlined in the CCPA and the GDPR.

Penalties for Violating Privacy Laws

Breaching the CCPA or the GDPR can lead to substantial financial repercussions. Violations of current privacy legislation don't have to be intentional to result in hefty fines.

Section 1798.199.90 of the CCPA describes how businesses that break the CCPA regulations can face penalties in the amount of $7,500 per intentional violation, and up to $2,500 per unintentional violation:

CCPA Section 1798 199 90: Penalties for violating the CCPA

Companies that violate the GDPR run the risk of receiving harsh financial penalties. Article 83 of the GDPR explains that businesses can be subject to fines of whichever is higher: 20,000,000 EUR or 4% of annual revenue from the previous year.

How to Comply with Global Privacy Control (GPC)

There are a few simple steps you can take to make sure that your business is GPC compliant, including adding the GPC specification to the back-end of your website or app, testing your website to make sure that it responds to GPC signals from multiple browsers, and keeping up to date on proposed privacy legislation.

Implement GPC Specification

You can incorporate the GPC specification within your own business by having your developer add the GPC code to your website and apps.

The Global Privacy Control website provides guidelines on how to apply the GPC specification on the back-end, including server-side or client-side detection, or by hosting a well-known resource:

Interacting with GPC: Server and client side detection sections
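
One way to implement the server-side detection and the well-known resource mentioned above, shown as an added example that is not code from this article or from the Global Privacy Control website. It relies on the `Sec-GPC: 1` request header and the `/.well-known/gpc.json` resource defined by the GPC proposal; the function names, preference fields and date are assumptions.

```javascript
// Added example. Function names, preference fields and the date are assumptions.
// Browser scripts can read the same preference from navigator.globalPrivacyControl.

// True when the request carries the GPC opt-out signal ("Sec-GPC: 1").
// Header names are expected lower-cased, as Node's http module delivers them.
function hasGpcSignal(headers) {
  const raw = headers['sec-gpc'];
  if (raw === undefined || raw === null) return false;
  // A repeated header may arrive as an array or a comma-joined string.
  // Assumption: honour the opt-out if any value is exactly "1".
  const values = Array.isArray(raw) ? raw : String(raw).split(',');
  return values.some((v) => String(v).trim() === '1');
}

// Apply the signal to a visitor's stored preferences without mutating them.
function applyGpc(prefs, headers) {
  if (!hasGpcSignal(headers)) return { ...prefs };
  return { ...prefs, saleOrSharing: false, thirdPartyTracking: false, optOutSource: 'gpc' };
}

// Body of the well-known resource that declares GPC support.
function wellKnownGpcBody(lastUpdate) {
  return JSON.stringify({ gpc: true, lastUpdate });
}

// Minimal router that returns a plain description of the response to send.
function handle(path, headers, storedPrefs) {
  if (path === '/.well-known/gpc.json') {
    return {
      status: 200,
      headers: { 'Content-Type': 'application/json' },
      body: wellKnownGpcBody('2024-01-01'), // constructed date
    };
  }
  const prefs = applyGpc(storedPrefs, headers);
  return {
    status: 200,
    // The response differs per signal, so shared caches must key on the header.
    headers: { 'Content-Type': 'application/json', Vary: 'Sec-GPC' },
    body: JSON.stringify({ loadAdTags: prefs.saleOrSharing === true, prefs }),
  };
}
```

The `Vary: Sec-GPC` header keeps a shared cache from serving the tracked variant of a page to a visitor who sent the opt-out signal.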

Test Your Website

Once you've incorporated the GPC code, it's important to make sure that your website is properly responding to any GPC signals it may receive. That means testing your website's response to all GPC accessible browsers and add-ons to make sure that it is respecting users' privacy requests.

The Global Privacy Control website maintains a list of the browsers and extensions that are GPC accessible:

GPC Founding Organizations: Browsers and extensions

Pay Attention to Privacy Legislation

Paying attention to proposed privacy legislation and how it may affect your company is a crucial part of protecting both your business and consumers' personal information.

Summary

GPC is a specification that can be added to a browser or extension that gives users the option to exercise their privacy rights. It helps users protect their personal information by sending a signal to your business's website or app letting you know that they do not wish to be tracked or have their personal information shared or sold.

Organizations can either enable GPC as the default setting on their browsers and extensions or they can give users the option to manually turn the specification on or off.

GPC is important because it gives users control over which companies track their online behavior, and keeps users' personal information from being sold or shared without their explicit permission.

The CCPA is California's premier privacy legislation, and was designed to protect consumers' privacy rights by requiring that businesses divulge when and how they collect and process consumers' personal information.

Similar to the CCPA, the GDPR is a European privacy regulation that protects individuals' personal data and privacy rights by giving users the right to limit how businesses use their data.

As of right now, there are no legal repercussions for not being GPC compliant. However, adopting GPC as part of your business's overall privacy plan can help you to ensure compliance with certain privacy law requirements, such as those set forth in the CCPA and the GDPR.

You can make sure your business is GPC compliant by implementing the GPC code on your website, testing your website to make sure that it is responding correctly to GPC signals, and paying attention to the ever-evolving privacy legislation landscape.