Enable Transparency with Global Privacy Controls
In another article, Clarip covers what Global Privacy Controls (GPC) is and why it matters. More browsers and extensions can now see if your website has GPC signals. This allows users to automatically opt out of personal data collection/sharing/selling by the websites to which requests are sent.
The California AG’s office took notice of the lacking of recognition of the technology, and sent out hundreds of letters addressing companies doing business in California that have not yet taken advantage of this easily implemented opt-out solution. As companies require two methods of opt out to comply with regulations, you would think this is a no brainer.
Which states currently require GPC signal recognition?
“Businesses that sell personal information must offer two or more methods for consumers to submit requests to opt-out of the sale of their personal information. For businesses that collect personal information from consumers online, one acceptable method for consumers to opt-out of sales is via a user-enabled global privacy control, like the GPC.” (Source – Office of the Attorney General – California Department of Justice)
California requires that businesses must treat user-enabled global privacy controls, such as a browser plug-in or privacy setting, device setting, or other mechanism that communicate or signal the consumer’s opt-out as a valid request submission.
According to the CCPA, websites with GPC should clearly signal and communicate consumer opt-out intent, even if they already have privacy settings specific to existing business.
Colorado requires controllers to allow consumers to opt-out of targeted advertisements and/or the sale of personal data through a universal opt-out mechanism that meets the technical specifications established by the Colorado AG.
Connecticut GPC requirements go into effect by July 1, 2024. That’s a full year after CTDPA goes into effect, giving companies doing business in Connecticut ample time to implement GPC compliance. CTDPA requires companies to honor browser privacy signals, like the Global Privacy Control (GPC), so that consumers can opt-out of data sales at all companies via an on/off switch they can manage in their browser of choice.
The GDPR requires that businesses marketing its products or services to citizens of the EU must accept GPC signals as well.
Does My Website Respond to GPC Signals??
Not all companies are required to comply with GPC unless they qualify under the GDPR or US privacy laws.
The GPC User Journey
This is how a GPC works:
- The user enables Global Privacy Control in their browser of choice to communicate privacy preferences.
- The user visits your company’s website.
- The browser indicates whether your website participates in GPC compliance.
- The browser will send the GPC signal to the websites visited.
- The request is automatically accepted, and the website stops sharing data with third parties.
List of browsers and extensions currently supporting Global Privacy Controls:
- Brave Privacy Browser
- DuckDuckGo Privacy Browser
- OptMeowt by privacy-tech-lab
- Privacy Badger by EFF
Conclusion to GPC
Even if your company isn’t required to comply with GPC and the above criteria, it is still recommended to familiarize yourself with GPC if your company deals with user data in any way. To comply with these requirements, it’s important that organizations update how they handle the storage of user-related data such as IP addresses, user agent strings, cookies and beacons data and third-party vendor management. This is accomplished by checking for the special ‘Sec-GPC’ request header either on the back-end of the site through an HTTP request or through a script that runs once a page loads.
Clarip’s Consent Management solution allows customers to submit, revoke and update granular consent through a traditional Do Not Sell pop up and the browsers GPC signal. Clarip takes enterprise privacy governance to the next level and helps organizations reduce risks, engage better, and gain customers’ trust! Contact us at www.clarip.com or call Clarip at 1-888-252-5653 for a demo.
Mike Mango, VP of Sales