PrivacyLawMap
Back to Blog
EnforcementMarch 1, 20266 min read

CA/CO/CT Joint GPC Enforcement Sweep: Are You Ready?

Share:

The First Multi-State Privacy Enforcement Action

In a landmark coordinated effort, the California Attorney General, Colorado Attorney General, and Connecticut Attorney General have launched a joint enforcement sweep targeting websites that fail to honor Global Privacy Control (GPC) signals.

What Is GPC?

Global Privacy Control is a browser-level signal that communicates a consumer's intent to opt out of the sale or sharing of their personal information. When a user enables GPC in their browser or uses a GPC-enabled extension, it sends an HTTP header (Sec-GPC: 1) with every web request.

What Are Regulators Looking For?

  • Whether your website detects the GPC signal
  • Whether tracking and data sharing stops when GPC is detected
  • Whether third-party cookies and tracking pixels are properly suppressed
  • Whether your privacy policy mentions GPC
  • Whether opt-out preference signals are treated as valid consumer requests

How to Check Your GPC Compliance

Use our GPC Compliance Checker to determine your obligations based on where your users are located.

Implementation Guide

Detecting GPC in JavaScript is straightforward:

if (navigator.globalPrivacyControl) {
  // User has opted out — suppress tracking
  // Do not load third-party advertising scripts
  // Do not share data with third parties
}

Disclaimer: PrivacyLawMap provides general information about US state privacy laws for educational purposes only. This is NOT legal advice. Privacy laws are complex and frequently amended. Consult with a qualified privacy attorney for advice specific to your business. PrivacyLawMap makes no warranties about the accuracy or completeness of this information.