Global Privacy Control (GPC)
Definition
A technical specification that allows users to signal their privacy preferences to websites through their browser. When enabled, GPC sends an HTTP header and JavaScript property telling websites that the user does not want their personal data sold or shared. Multiple state laws now require businesses to honor GPC signals.
Legal Definition
GPC is recognized under the CPRA as a valid opt-out preference signal (Cal. Civ. Code 1798.135(b)). The California AG confirmed in its CCPA enforcement actions (e.g., Sephora) that failure to honor GPC constitutes a violation. Colorado's AG has also designated GPC as a recognized universal opt-out mechanism.
State Laws Using This Term
Practical Example
A user enables GPC in their Firefox browser settings. When they visit an e-commerce site, the site detects the Sec-GPC: 1 header and automatically suppresses third-party tracking cookies and advertising data sharing for that user.
Related Terms
Frequently Asked Questions
How do I enable Global Privacy Control?
GPC is built into some browsers like Firefox, Brave, and DuckDuckGo by default. For other browsers like Chrome, you can install browser extensions such as Privacy Badger or the OptMeowt extension. Visit globalprivacycontrol.org for a full list of supported tools.
Is GPC legally binding?
In California, yes. The CPRA and California AG enforcement actions have confirmed that businesses must honor GPC signals. Colorado and Connecticut also require honoring GPC. Other states with universal opt-out requirements will likely recognize GPC as well.