California's Attorney General recently confirmed that companies captured under the California Consumer Privacy Act (CCPA) must honor Global Privacy Control (GPC) signals. Osano's Consent Management platform now understands and communicates GPC signals.
A coalition of tech companies, developers and privacy advocates worked together to create the GPC signal. It aims to create a global web browser setting that allows users to control their online privacy. By enabling Global Privacy Control in Osano's Consent Manager, Osano customers' end users can opt-out of the sale of their data across all websites that respect the signal. The GPC signal is either communicated by the browser's default settings (DuckDuckGo and Brave support this) or via an extension installed.
This change is optional, but Osano strongly recommends enabling the GPC toggle. Important: To implement the GPC change, you will need to do a "republish."
As one WIRED reporter put it in his story on GPC:
"What do you call a privacy law that only works if users individually opt-out of every site or app they want to stop sharing their data? A piece of paper. Or you could call it the California Consumer Privacy Act."
Here's what he meant: Under California's Consumer Privacy Act, organizations are required to offer users opt-out rights. Typically, users had to opt-out of data processing or the sale of their data at each website they visited. That was until a coalition of more than a dozen organizations began developing the GPC specification.
GPC aims to make opting out easy.
DuckDuckGo and Brave already incorporate GPC into their codes at the browser level. But for end-users that use other browsers, many extensions will add the functionality to any given browser. That control is up to the end-user.
But, as mentioned above, the reason this really matters is, while the CCPA doesn't specifically mention the GPC signal, the California Attorney General gets to issue regulations indicating specific compliance requirements. In July, the office added to its CCPA FAQs that businesses selling personal information must honor GPC signals.
To be clear: the GPC doesn't prevent data collection. It simply indicates that companies must opt users out of the selling of the data an organization has collected on them. When an end-user toggles the GPC, there's no documentation that they don't want their data sold within Osano's blockchain. That makes it auditable. It's now a permanent, traceable and timestamped record.
With this change, your organization can: