You are tracked mercilessly today when you surf the web, either on your computer or your smartphone. Websites use several different techniques to identify you and record as much data about you as they can. While marketers will claim that you have the power to opt out of most tracking, this is frankly impossible to do, practically speaking. There are simply too many trackers, many of which you’ll never know about. There’s a new(ish) initiative that aims to address this problem called Global Privacy Control, or GPC. GPC is a browser setting that lets you automatically tell every website you visit to stop collecting your data. Sounds good, right? But it may also sound familiar…
Do Not Track… Pretty Please?
Back in 2009, a group of researchers had a brilliant idea: why don’t we give users a way to tell every website they visit that they don’t want to be tracked? They came up with a simple, global Do Not Track (DNT) flag that users could set on their web browser once and forget it. Their browser would, in turn, tell every website you visited that you did not wish to be tracked.
The obvious problem here is that websites (at that time) were under precisely zero obligation to comply. But there were also a couple interesting twists to the story. At one point, Microsoft took it upon themselves to automatically enable the DNT flag for Internet Explorer users. Advertisers were outraged because the flag was supposed to be an affirmative action taken by the user. They used this move as another reason to ignore the flag. And in an ironic twist, the very fact that your browser set this flag made you more trackable.
Global Privacy Control: DNT 2.0
It turns out that DNT was a little ahead of its time. Without any legal reason to comply, it never caught on and was eventually abandoned. If it had only held out a little longer, it might have been relevant. The European Union’s General Data Protection Regulation (GDPR) was just coming online around the same time DNT was abandoned. However, the GDPR user consent verbiage didn’t seem to explicitly recognize DNT.
Enter Global Privacy Control. From everything I can see, it’s really just “DNT 2.0”. However, this time there are legal requirements – at least in some regions – to actually require compliance. In particular, the California Consumer Privacy Act (CCPA) and subsequent California Privacy Rights Act (CPRA) have explicit language requiring sites to honor these automated requests not to be tracked. Similar laws have been passed in Nevada, Utah, Colorado, Virginia, and Connecticut – with others coming. GPC may yet succeed where DNT failed.
How to Enable Global Privacy Control
This is not a slam dunk. For one thing, there is no US federal law requiring companies to respect GPC. Also, the GDPR interpretation of GPC sadly seems a little weak. There are still too many regions that have no privacy regulations. And the various regulations that do exist need to be “harmonized” with one another on what GPC really means. For example, does the request apply only to further data collection or should it apply to data already collected? Does it apply to the user or just the device that sent the GPC flag?
If you’re lucky enough to live in region that has privacy laws, it’s a no-brainer – just enable it. But even if you don’t, there’s no reason you shouldn’t go ahead and register your desire not to be tracked. Then whenever and wherever this request is required to be honored, you’ll get the benefit.
Thankfully, it’s pretty easy to do. And if you’re already using privacy tools, you may find that GPC has already enabled. The test is simple: go to the Global Privacy Control website. If you see a green dot and “GPC signal detected” at the top, you’re good!
Otherwise, you can do one of the following on your computer:
On mobile devices, you can install the DuckDuckGo browser or the browser extension, or the Brave browser.
When done, return to the Global Privacy Control website and look for the green dot at the top to verify that you’re set up for GPC.