Do Not Track

Do Not Track (DNT) is a formerly official HTTP header field, designed to allow internet users to opt out of tracking by websites—which includes the collection of data regarding a user's activity across multiple distinct contexts, and the retention, use, or sharing of data derived from that activity outside the context in which it occurred.

The Do Not Track header was originally proposed in 2009 by researchers Christopher Soghoian and Sid Stamm. Mozilla Firefox became the first browser to implement the feature. The header didn't find widespread success due to the lack of legislation that would require companies to legally respect the Do Not Track header and most companies and websites not respecting the header when sent by the user.

In 2020, a coalition of US-based internet companies announced the Global Privacy Control header that spiritually succeeds Do Not Track header. The creators hope that this new header will meet the definition of "user-enabled global privacy controls" defined by the California Consumer Privacy Act (CCPA) and the European General Data Protection Regulation (GDPR). In this case, the new header would be automatically strengthened by existing laws and companies would be required to honor it.

Global Privacy Control

Global Privacy Control (GPC) is a proposed HTTP header field and DOM property that can be used to inform websites of the user's wish to have their information not be sold or used by ad trackers.^[1] GPC was developed in 2020 by privacy technology researchers such as Wesleyan University professor Sebastian Zimmeck and former Chief Technologist of the Federal Trade Commission Ashkan Soltani, as well as a group of privacy-focused companies including the Electronic Frontier Foundation, Automattic (owner of Tumblr and WordPress), and more.^[2]

The signal has been implemented by DuckDuckGo's private browser and extension, The New York Times, and privacy browser Brave and is supported by Firefox creator, Mozilla^[3] as well as the California Attorney General.^[4] Notably, Google Chrome has not yet implemented the signal,^[5] despite still allowing users to enable the now depreciated Do Not Track header.^[6] However, there are third-party extensions available for Chrome if users want to send the GPC header with their requests, including the Privacy Badger extension by The Electronic Frontier Foundation,^[7] the DuckDuckGo Privacy Essentials add-on,^[8] and more.

One key difference between the Do Not Track header and GPC is that GPC is a valid do-not-sell-my-personal-information signal according to the California Consumer Privacy Act (CCPA), which stipulates that websites are legally required to respect a signal sent by users who want to opt-out of having their personal data sold.^[4] In July 2021, the California Attorney General clarified through an FAQ that under law, the Global Privacy Control signal must be honored.^[4]

On August 24, 2022, the California Attorney General announced Sephora paid a $1.2-million settlement for allegedly failing to process opt-out requests via a user-enabled global privacy control signal.^[9]

References

^ "Global Privacy Control (GPC)". privacycg.github.io. Retrieved August 17, 2024.
^ "Frequently Asked Questions | Global Privacy Control". globalprivacycontrol.org. Retrieved August 17, 2024. Who is supporting the development of GPC?
^ "Founding Organizations | Global Privacy Control". globalprivacycontrol.org. Retrieved August 17, 2024.
^ ^a ^b ^c "California Consumer Privacy Act (CCPA)". State of California - Department of Justice - Office of the Attorney General. October 15, 2018. Retrieved August 17, 2024.
^ "Chrome Privacy Now!". Chrome Privacy Now!. Retrieved August 17, 2024.
^ "Turn "Do Not Track" on or off". Google Chrome Help. Google.
^ "Privacy Badger". Electronic Frontier Foundation. Retrieved August 17, 2024. What is Global Privacy Control (GPC)?
^ "Global Privacy Control (GPC) Enabled by Default in DuckDuckGo Apps & Extensions". Spread Privacy. January 28, 2021. Retrieved August 17, 2024.
^ Merken, Sara (August 24, 2022). "Sephora to pay $1.2 mln in privacy settlement with Calif. AG over data sales". Reuters. Archived from the original on May 10, 2023. Retrieved June 13, 2024.

[1] "Global Privacy Control (GPC)". privacycg.github.io. Retrieved August 17, 2024.

[2] "Frequently Asked Questions | Global Privacy Control". globalprivacycontrol.org. Retrieved August 17, 2024. Who is supporting the development of GPC?

[3] "Founding Organizations | Global Privacy Control". globalprivacycontrol.org. Retrieved August 17, 2024.

[:1-4] "California Consumer Privacy Act (CCPA)". State of California - Department of Justice - Office of the Attorney General. October 15, 2018. Retrieved August 17, 2024.

[5] "Chrome Privacy Now!". Chrome Privacy Now!. Retrieved August 17, 2024.

[6] "Turn "Do Not Track" on or off". Google Chrome Help. Google.

[7] "Privacy Badger". Electronic Frontier Foundation. Retrieved August 17, 2024. What is Global Privacy Control (GPC)?

[8] "Global Privacy Control (GPC) Enabled by Default in DuckDuckGo Apps & Extensions". Spread Privacy. January 28, 2021. Retrieved August 17, 2024.

[9] Merken, Sara (August 24, 2022). "Sephora to pay $1.2 mln in privacy settlement with Calif. AG over data sales". Reuters. Archived from the original on May 10, 2023. Retrieved June 13, 2024.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

Global Privacy Control

See also

References