Several privacy advocates launched an initiative to create a global standard for requesting and enforcing privacy on sites and services on October 07, 2020. The proposed standard is called Global Privacy Control (GPC) and was written by Robin Berjon, Executive Director of Data Governance at The New York Times, Sebastian Zimmeck, Assistant Professor of Computer Science at Wesleyan University, Ashkan Soltani, an independent technologist, David Harbage, Privacy Engineer at DuckDuckGo, and Peter Snyder, a Senior Privacy Researcher at Brave.
The GPC draft outlines the specifications for a method that would enable browsers to communicate to sites the user doesn’t want to be tracked. It also seeks to provide a legally enforceable solution.
This document defines a signal, transmitted over HTTP and through the DOM, that conveys a user’s request to websites and services to not sell or share their personal information with third parties. This standard is intended to work with existing and upcoming legal frameworks that render such requests enforceable.Abstract from Global Privacy Control (GPC) Unofficial Draft 07 October 2020
There currently isn’t a global standard to tell sites not to track you. Most privacy-concerned netizens rely on content blockers like Better, which stop trackers but don’t communicate with sites. Content blockers are also troublesome because they can interfere with how sites render and trigger anti-content blockers like Admiral.
If GPC becomes a standard, users will be able to configure their browsers to block tracking from all sites and automatically communicate the preference to the sites they visit. In turn, sites will be expected to detect and respect the preference.
The biggest hurdle to GPC’s ‘Do Not Track’ utopia is enforcement. If the standard doesn’t have any legal ramifications for sites that ignore it, it won’t make a difference. The creators of GPC are well aware of this, which is why they developed the spec with existing and future laws in mind.
Gilad Edelman, who covers politics and technology for Wired, says GPC is designed to work within the parameters of the California Consumer Privacy Act (CCPA).
The CCPA includes a mechanism for solving the one-by-one problem. The regulations interpreting the law specify that businesses must respect a “global privacy control” sent by a browser or device. The idea is that instead of having to change privacy settings every time you visit a new site or use a new app, you could set your preference once, on your phone or in a browser extension, and be done with it.Gilad Edelman, ‘Do Not Track’ Is Back, and This Time It Might Work
In addition to CCPA, Edelman says the group believes “the technology will be legally enforceable under other privacy regimes, including Europe’s Global Data Protection Regulation (GDPR).”
How to use the Global Privacy Control signal
The best way to use GPC now is to install an extension that supports it. These are the free extensions that will enable GPC in Chrome.
GPC will become native soon in some browsers. Brave is testing it now, and Firefox is also expected to add it. If the standard is adopted, it will likely be added to Safari and perhaps Chrome and Edge.
Additionally, Automattic, the creator of WordPress, is a participating organization. The company’s association suggests they plan to add functionality to WordPress, which would enable the CMS to respect the signal. If Automattic does include GPC detection in WordPress, it will make over 30% of the internet sites capable of using it.