Global Privacy Control (GPC)
Global Privacy Control (GPC) is a browser- or device-level signal that automatically communicates a user’s preference to opt out of data selling or sharing across websites.
What is Global Privacy Control (GPC)?
Global Privacy Control (GPC) is a technical signal sent by a browser or application that notifies websites of a user’s request to opt out of the sale or sharing of their personal information. When users enable GPC, websites receiving the signal are required—under laws like the California Consumer Privacy Act (CCPA) and California Consumer Privacy Act Regulations —to honor this opt-out preference signal.
GPC provides a universal, standardized opt-out mechanism that simplifies privacy rights management and supports compliance across digital environments. Organizations implement GPC to reduce regulatory risk and demonstrate commitment to respecting user privacy choices.
Why Global Privacy Control (GPC) matters
GPC strengthens privacy protections by giving users a simple, automatic way to express opt-out preferences, removing the need to manually interact with consent banners on every website. Organizations that detect and honor GPC reduce the risk of enforcement actions under consumer privacy laws and improve transparency with their users.
GPC also helps unify privacy practices across devices and browsers, creating a consistent user experience and supporting operational efficiency for privacy and compliance teams.
How Global Privacy Control (GPC) is used in practice
- Enabling browsers or extensions that automatically send GPC signals
- Detecting GPC signals and applying legally required opt-out logic
- Updating privacy notices to disclose how GPC is honored
- Configuring tag managers to restrict tracking technologies when GPC is active
- Supporting CCPA and CPRA compliance by honoring universal opt-out mechanisms
- Integrating GPC status with preference centers and downstream vendor controls
Related laws & standards
How OneTrust helps with Global Privacy Control (GPC)
OneTrust helps organizations detect and honor GPC signals through integrated consent and preference management tools. The platform automatically applies opt-out logic, restricts tracking technologies, manages downstream vendor behavior, and centralizes reporting to support CCPA and CPRA compliance.
[Explore Solutions →]
FAQs about Global Privacy Control (GPC)
Do Not Track was voluntary and unenforceable, while GPC is recognized under regulations like CCPA and CPRA and certain regulators, requiring organizations to honor the opt-out request.
Privacy, legal, compliance, web engineering, and marketing operations teams typically collaborate to ensure GPC signals are recognized, applied, and documented.
The CCPA and CCPA Regulations require organizations to honor user opt-out preferences for selling or sharing personal data. GPC provides a universal browser-based signal that communicates this preference automatically.
