Why does this matter?
As one WIRED reporter put it in his story on GPC:
"What do you call a privacy law that only works if users individually opt-out of every site or app they want to stop sharing their data? A piece of paper. Or you could call it the California Consumer Privacy Act."
Here's what he meant: Under California's Consumer Privacy Act, organizations are required to offer users opt-out rights. Typically, users had to opt-out of data processing or the sale of their data at each website they visited. That was until a coalition of more than a dozen organizations began developing the GPC specification.
GPC aims to make opting out easy.
DuckDuckGo and Brave already incorporate GPC into their codes at the browser level. But for end-users that use other browsers, many extensions will add the functionality to any given browser. That control is up to the end-user.
But, as mentioned above, the reason this really matters is, while the CCPA doesn't specifically mention the GPC signal, the California Attorney General gets to issue regulations indicating specific compliance requirements. In July, the office added to its CCPA FAQs that businesses selling personal information must honor GPC signals.
To be clear: the GPC doesn't prevent data collection. It simply indicates that companies must opt users out of the selling of the data an organization has collected on them. When an end-user toggles the GPC, there's no documentation that they don't want their data sold within Osano's blockchain. That makes it auditable. It's now a permanent, traceable and timestamped record.
With this change, your organization can:
- Demonstrate compliance with the California Consumer Privacy Act.
- Keep the California Attorney General happy.
- Signal to customers and end-users you care about their privacy rights.