Movatterモバイル変換

[0]ホーム
URL:

Jump to content
WikipediaThe Free Encyclopedia
Search

Global Privacy Control

From Wikipedia, the free encyclopedia
Web technology for signalling legally binding notice to prevent sale of user information
Global Privacy Control project logo

Global Privacy Control (GPC) is a set of web technologies that can be used to inform websites of the user's wish to have their information not be sold or used by ad trackers.[1] Unlike the now-deprecatedDo NotTrack header, which was unsuccessful as it was ignored by third parties, GPC is intended to have legal force underprivacy laws.[2][3]

GPC was developed in 2020 by privacy technology researchers includingWesleyan University professor Sebastian Zimmeck and former Chief Technologist of theFederal Trade CommissionAshkan Soltani, as well as a group of privacy-focused companies including theElectronic Frontier Foundation,Automattic (owner ofTumblr andWordPress).[4]

Implementation

[edit]

The GPC specification defines two parts for implementing GPC in clients, and one part when implementing for servers.

The first part of a client implementation is aHTTP header with the form:

Sec-GPC: 1

The character '1' is the only allowed value for the header.[5] There is deliberately no mechanism for extensibility; the creators of the standard have stated that they will create new headers if extension becomes necessary.[6]

The second part of a client implementation is setting thenavigator.globalPrivacyControl property to the valuetrue.[7]

Websites can optionally host aJSON-formatted file known as the GPC support resource at thewell-known URI.well-known/gpc.json to indicate how they respond to the GPC signal. This file has up to two relevant members (all other members should be ignored): agpc boolean member wheretrue means that the server intends on complying with GPC requests, andfalse means it does not, and alastUpdate member.[8] By default, a website's support is unknown.

Adoption

[edit]

GPC has been implemented byMozilla Firefox,[9]Brave,[10] andDuckDuckGo Private Browser.[11][10] GPC is not yet supported byGoogle Chrome[12] orMicrosoft Edge,[10] despite Chrome still allowing users to enable the Do Not Track header.[13] However, there are third-party extensions available for Chrome that enable sending the GPC header during HTTP requests, including theEFF'sPrivacy Badger extension[14] and theDuckDuckGo Privacy Essentials add-on[15] amongst others. Many websites including theNew York Times andWashington Post have started to recognize and respect GPC signals.[11]

Currently California, Colorado, Connecticut, and New Jersey are the only states that officially legally recognize and require businesses to honor GPC. In Colorado, the Colorado Privacy Act (CPA) mentions that GPC was the first Universal Opt Out Mechanism (UOOM) to be recognized as meeting the standards of the CPA.[16]Similarly Connecticut started recognizing GPC signals on January 1st 2025 after the Connecticut Data Privacy Act (CDPA) took effect.[17] New Jersey started requiring businesses to respect universal opt-out mechanisms such as Global Privacy Control, under the New Jersey Data Privacy Law (NJDPL) which went into effect on July 15, 2025.[18] GPC has additionally been endorsed by theCalifornia Attorney General[19] under theCalifornia Consumer Privacy Act (CCPA).

Legal status

[edit]

Unlike theDo Not Track header, GPC is a valid do-not-sell-my-personal-information signal according to theCalifornia Consumer Privacy Act (CCPA), which stipulates that websites are legally required to respect a signal sent by users who want to opt-out of having their personal data sold.[19] In July 2021, theCalifornia Attorney General clarified through an FAQ that under law, the Global Privacy Control signal must be honored.[19] Similarly, Connecticut, Colorado, and New Jersey have required GPC signals to be honored through their own state laws such as the Connecticut Data Privacy Act (CDPA),[17] Colorado Privacy Act (CPA),[16] and New Jersey Data Privacy Law.[18]

On August 24, 2022, the California Attorney General announcedSephora paid a $1.2 million settlement for allegedly failing to process opt-out requests via a user-enabled global privacy control signal.[20] Later on July 1st, 2025 the California Attorney General announced the largest CCPA settlement to date of $1.55 million againstHealthline.com for failing to allow consumers to opt out of targeted advertising and for sharing data with third parties without CCPA-mandated privacy protections.[21]

References

[edit]
  1. ^"Global Privacy Control (GPC)".privacycg.github.io. RetrievedAugust 17, 2024.
  2. ^"Global Privacy Control (GPC)".State of California - Department of Justice - Office of the Attorney General. 2025-01-28. Retrieved2025-03-17.
  3. ^Desai, Anokhy (25 October 2022)."Is GPC the new 'do not track'?".iapp.org. Retrieved2025-03-17.
  4. ^"Frequently Asked Questions | Global Privacy Control".globalprivacycontrol.org. RetrievedAugust 17, 2024.Who is supporting the development of GPC?
  5. ^"Global Privacy Control (GPC) - The Sec-GPC header for HTTP requests".w3c.github.io. Retrieved2025-03-17.
  6. ^"Global Privacy Control (GPC) - Extensibility of the Sec-GPC field value".w3c.github.io. Retrieved2025-03-17.
  7. ^"Global Privacy Control (GPC) - Preference caching".w3c.github.io. Retrieved2025-03-17.
  8. ^"Global Privacy Control (GPC) - GPC Support Resource".w3c.github.io. Retrieved2025-07-26.
  9. ^"Global Privacy Control".Mozilla Support. RetrievedDecember 20, 2024.
  10. ^abcVigliarolo, Brandon (2024-12-12)."Mozilla removing Do Not Track option from Firefox 135".The Register. Retrieved2024-12-20.
  11. ^ab"What is Global Privacy Control, the Do Not Track replacement?".Circuit Bulletin. 2024-12-20. Retrieved2024-12-20.
  12. ^"Chrome Privacy Now!".Chrome Privacy Now!. RetrievedAugust 17, 2024.
  13. ^"Turn "Do Not Track" on or off".Google Chrome Help. Google Inc.
  14. ^"Privacy Badger".Electronic Frontier Foundation. RetrievedAugust 17, 2024.What is Global Privacy Control (GPC)?
  15. ^"Global Privacy Control (GPC) Enabled by Default in DuckDuckGo Apps & Extensions".Spread Privacy. January 28, 2021. RetrievedAugust 17, 2024.
  16. ^ab"Universal Opt-Out and the Colorado Privacy Act".coag.gov. RetrievedJuly 26, 2025.
  17. ^ab"Attorney General Tong advises Connecticut consumers and businesses of opt out rights and requirements".ct.gov. December 30, 2024. RetrievedJuly 26, 2025.
  18. ^ab"New Jersey Data Privacy Law FAQs".njconsumeraffairs.gov. RetrievedJuly 28, 2025.
  19. ^abc"California Consumer Privacy Act (CCPA)".State of California - Department of Justice - Office of the Attorney General. October 15, 2018. RetrievedAugust 17, 2024.
  20. ^Merken, Sara (August 24, 2022)."Sephora to pay $1.2 mln in privacy settlement with Calif. AG over data sales".Reuters.Archived from the original on May 10, 2023. RetrievedJune 13, 2024.
  21. ^"Attorney General Bonta Announces Largest CCPA Settlement to Date, Secures $1.55 Million from Healthline.com".oag.ca.gov. Retrieved2025-07-27.

External links

[edit]
Retrieved from "https://en.wikipedia.org/w/index.php?title=Global_Privacy_Control&oldid=1333103669"
Categories:
Hidden categories:
[8]ページ先頭
©2009-2026 Movatter.jp