Global Privacy Control (GPC) is a browser-based privacy signal designed to automatically communicate a user’s opt-out preference for the sale or sharing of their personal data when they visit websites.
When a user enables GPC in their web browser or through a browser extension, their browser sends a special HTTP header that tells websites that a visitor does not want their personal data sold or shared.
Why GPC Matters
In the context of privacy regulations, GPC is particularly relevant under:
California Privacy Laws (CCPA/CPRA)
- The CPRA (California Privacy Rights Act) explicitly states that businesses must honor a user-enabled global privacy control like GPC.
- Ignoring GPC when it is enabled can be considered a violation of the law.
EU GDPR (General Data Protection Regulation)
- While not officially recognized under GDPR yet, GPC aligns with GDPR’s principles of consent and data minimization.
- It could, in the future, be interpreted as a signal of consent refusal, especially if implemented in a clear and informed manner.
Other US State Privacy Laws
- Some laws (e.g., Colorado Privacy Act, Connecticut Data Privacy Act) will require businesses to honor universal opt-out mechanisms, which could include GPC.
GPC in Cookie Compliance
Websites that use Cookie Compliance with Global Privacy Control enabled:
- Detect GPC signals sent by the browser,
- Automatically treat the visitor as having opted out of tracking for sale or sharing purposes,
- Refrain from setting non-essential or advertising cookies,
- Inform users that their GPC preference is being respected.
Enable GPC support in One Click
Cookie Compliance makes it easy to respect your users’ privacy choices—including GPC signals—with just a single setting.
You can enable GPC support directly from your Cookie Compliance dashboard by going to:
Configuration page → Consent tab → “GPC Support” toggle
Once enabled, Cookie Compliance will automatically detect GPC signals sent by users’ browsers and treat them as valid opt-out requests..
Supporting GPC is a simple, future-friendly way to strengthen your privacy posture and reduce regulatory risk—without extra complexity.