Security news that informs and inspires

Global Privacy Control Protocol Aims to Pick Up Where Do Not Track Left Off

A small group of powerful web companies, privacy organizations, and publishers is forwarding a new privacy protocol called Global Privacy Control (GCP) that is designed to send a signal from browsers to websites that individuals do not want their personal data sold to third parties.

GCP is the latest effort to give people a mechanism to communicate their privacy preferences to the sites they visit, following in the wake of the Do Not Track system. DNT, which allows people to enable an option to send a signal to sites that they do not want to be tracked across third-party sites, has never fully caught on, due mainly to the fact that it has no legal or regulatory authority behind it. As a result, many sites simply ignore the signal and do whatever they want. While the major browsers all support DNT, it has not had the effect that its developers had hoped it would when it debuted more than 10 years ago.

The GCP protocol is a proposed upgrade to DNT, though it is not a direct replacement. While the DNT signal communicates the individual’s preferences about tracking, GCP is focused on the collection and sale of personal data. It uses the same mechanism for communicating the individual’s preference--an HTTP header--and several major publishers and web companies support it already, including Mozilla, Duck Duck Go, Brave, The New York Times, and the EFF. The browser vendors will communicate the signal from their products, and others, such as the EFF, will support it with the Privacy Badger extension.

“Getting privacy online should be simple and accessible to everyone, period. Global Privacy Control (GPC) takes us one step closer to making this vision a reality by creating a simple universal setting for users to express their preference for privacy,” Gabriel Weinberg, CEO of Duck Duck Go, the privacy focused browser, said in a statement.

“The CCPA and other laws are not perfect, and many of our users continue to live in places without strong legal protections."

GCP, announced Wednesday, debuts at a time when privacy legislation is taking center stage both nationally and in several key states. There are numerous privacy related bills pending on Capitol HIll, with the most recent being the SAFE DATA Act introduced last month. The most prominent state privacy regulation is the California Consumer Privacy Act (CCPA), which mandates that consumers have the ability to opt out of the sale of their data, and the GCP signal would give them a simple way to communicate that to websites.

“The CCPA and other laws are not perfect, and many of our users continue to live in places without strong legal protections. That’s why Privacy Badger continues to use both approaches to privacy. It asks websites to respect your privacy, using GPC as an official request under applicable laws and DNT to express what our users actually want (to opt out of all tracking). It then blocks known trackers, who refuse to comply with DNT, from loading at all,” Bennett Cyphers, staff technologist at the EFF, said.

“Starting this release, Privacy Badger will begin setting the GPC signal by default. Users can opt out of sending this signal, along with DNT, in their Privacy Badger settings.”

Among the other platforms supporting GCP are The Washington Post and Automattic, which owns both Tumblr and WordPress.