One of the key elements of the August 24, 2022 CCPA enforcement action by the California Attorney General was the use of the Global Privacy Control (GPC) signal as a mechanism for consumers to opt out of the sale of personal information.
The Global Privacy Control empowers users to signal their chosen privacy settings to websites and services through their browser. This signal communicates consumers’ expectations around the sharing and sale of their data online. Additionally, this feature promotes trust between customers and businesses.
The GPC signal automatically communicates the user’s preferred privacy setting to the website. As a result, the website can seamlessly record and respect the individual’s privacy request. Respecting the signal can help companies manage compliance with CCPA-REGULATIONS §999.315.
Businesses under the CCPA must follow the statute and the final modified regulations. This means that a browser or device must respect a “Do Not Sell” or “Do Not Track” signal from a user as an opt-out request. The California Privacy Rights Act (CPRA) was passed on November 3, 2020, and it brought with it a range of new obligations for organizations to comply with before the effective date of January 1, 2023. Honoring the GPC signal will also be a requirement under the CPRA.
OneTrust supports the GPC signal through our cookie consent product and consent management platform (CMP). Customers can set a signal in the OneTrust environment under the targeting category to enable this feature. As a result, your website automatically accepts the visitor’s signal preferences. We have several resources for OneTrust customers to configure and test GPC.
If you are not a OneTrust customer, sign up for a demo to understand how OneTrust supports the Global Privacy Control Signal.