Global Privacy Control (GPC)

A technical specification that broadcasts a signal from users' browsers or devices expressing preference to opt-out of data sale and sharing. GPC evolved from Do Not Track as a legally-recognized mechanism for communicating privacy preferences. When GPC is enabled, it automatically signals to websites and services that the user opts-out of sale/sharing of personal information. Several U.S. state privacy laws including CPRA, Colorado Privacy Act, and Connecticut Data Privacy Act require businesses to honor GPC signals. Unlike DNT which was largely ignored, GPC has legal teeth—businesses must treat GPC as valid opt-out requests. Organizations should implement GPC detection, honor GPC signals by stopping sale/sharing for users with GPC enabled, maintain records of GPC compliance, and not discriminate against GPC users. GPC represents progress toward user-controlled privacy through technical standards backed by legal requirements.