GPC
GPC, or Global Privacy Control, is a browser- or device-level signal that communicates a user’s preference to opt out of data selling or sharing across websites.
What is GPC?
GPC (Global Privacy Control) is a technical signal sent by a browser or application to indicate that a user wants to opt out of the sale or sharing of their personal information. When a user enables GPC, websites receiving the signal are required—under laws like the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA)—to honor the opt-out request.
GPC simplifies consent management by giving users a universal, automatic way to communicate their privacy preferences. Organizations implement GPC compatibility to meet regulatory requirements and strengthen trust with users who expect transparent privacy controls.
Why GPC matters
GPC plays a critical role in helping organizations comply with privacy laws that require opt-out mechanisms for data selling or sharing. Rather than relying solely on on-page banners or manual consent interfaces, GPC allows users to send a standardized signal that must be respected.
Implementing GPC reduces the risk of non-compliance with opt-out obligations, improves user experience, and demonstrates an organization’s commitment to respecting individual privacy choices.
GPC also supports broader privacy governance programs by providing a consistent, automated method for honoring user rights across devices and applications.
How GPC is used in practice
- Enabling browsers or extensions that automatically send GPC signals to websites
- Detecting GPC signals on websites and applying appropriate opt-out logic
- Updating consent banners and privacy notices to disclose GPC handling
- Configuring tag managers to suppress tracking when GPC is active
- Supporting CPRA and CCPA compliance by honoring universal opt-out mechanisms
- Integrating GPC status with preference centers and user rights workflows
Related laws & standards
- California Consumer Privacy Act (CCPA)
- California Privacy Rights Act (CPRA)
- General Data Protection Regulation (GDPR)
- Digital Personal Data Protection Act (DPDPA)
- SOC 2
How OneTrust helps with GPC
OneTrust enables organizations to automatically detect and honor GPC signals through integrated consent and preference management tools. The platform ensures that tracking, cookies, tags, and downstream vendors are appropriately restricted when GPC is active. OneTrust also centralizes evidence and reporting to demonstrate compliance with CCPA and CPRA opt-out requirements.
[Explore Solutions →]
FAQs about GPC
Do Not Track was a voluntary signal that websites often ignored, while GPC is enforceable under privacy laws like CCPA and CPRA, requiring organizations to honor the opt-out request.
Privacy teams, legal teams, web engineering, and marketing operations collaborate to ensure GPC signals are detected, respected, and documented.
The CPRA requires honoring user opt-out preferences for selling or sharing personal data. GPC provides a universal, browser-based mechanism to communicate this preference automatically.
