The Problem GPC Solves
Every time you visit a website, you're potentially handing over data that gets sold to advertisers, data brokers, and analytics companies. Cookie consent banners were supposed to give users control, but the reality is a labyrinth of dark patterns designed to wear you down until you click "Accept All." Global Privacy Control (GPC) takes a different approach: it lets your browser speak for you, automatically.
What Is Global Privacy Control?
GPC is an open technical specification that allows users to signal their privacy preferences to every website they visit — automatically and universally. When enabled in a compatible browser or extension, it sends an HTTP header (Sec-GPC: 1) and a JavaScript property (navigator.globalPrivacyControl = true) with every web request.
In plain English: your browser tells websites, "Do not sell or share my personal data," without you having to click through a consent form on every single site.
Is GPC Legally Binding?
In some places, yes. GPC is recognized as a valid opt-out mechanism under:
- California's CCPA/CPRA: Businesses subject to the law must honor GPC signals as a valid opt-out of data sale/sharing.
- Colorado Privacy Act (CPA) and Connecticut's CTDPA: Both recognize universal opt-out mechanisms including GPC.
- EU/UK consideration: While GDPR doesn't explicitly mandate GPC, regulators are increasingly treating such signals as relevant to consent and legitimate interest assessments.
The legal landscape is still evolving, but the direction is clear: browser-level privacy signals are gaining legal weight.
How to Enable GPC
Browsers with Native GPC Support
- Brave Browser: GPC is enabled by default.
- Firefox: Enable via the Privacy Badger extension, or check settings for "Tell websites not to sell or share my data."
- DuckDuckGo Browser (mobile): GPC is on by default.
Browser Extensions
- Privacy Badger (EFF) — free, open source, enables GPC automatically.
- DuckDuckGo Privacy Essentials — available for Chrome, Firefox, and Edge.
GPC vs. Do Not Track (DNT)
You may have heard of Do Not Track — an older, similar idea. Here's why GPC is different and more meaningful:
| Feature | Do Not Track (DNT) | Global Privacy Control (GPC) |
|---|---|---|
| Legal backing | None — purely voluntary | Legally binding in some US states |
| Industry adoption | Largely ignored | Growing compliance requirements |
| Standard body | W3C (stalled) | GPC community spec, W3C interest group |
| Effectiveness | Minimal | Meaningful in regulated jurisdictions |
Limitations to Know
GPC is not a magic shield. It doesn't block tracking technologies directly — it signals a legal preference. Enforcement depends on businesses actually complying, and compliance is not universal. Pair GPC with other tools: a content blocker like uBlock Origin, a privacy-respecting DNS resolver, and good password hygiene.
The Bottom Line
Enabling GPC takes about two minutes and costs nothing. In jurisdictions where it carries legal weight, it's one of the most direct ways to exercise your data rights without filling out opt-out forms one website at a time. As privacy regulations expand globally, GPC is a signal worth sending.