What is the Global Privacy Control (GPC)?
Despite the fact that nations around the world have passed various laws pertaining to the protection of personal information and privacy, such as the EU’s landmark General Data Protection Regulation (GDPR), among many others, the average consumer living in a particular region of the world is still limited in the ways in which they can truly protect their personal data. From targeted advertising campaigns to online web cookies that track the preferences and online habits of users, there are a multitude of ways in which a business or organization can collect personal information from consumers without having to provide said consumers with anything of value in return.
For these reasons, the Global Privacy Control (GPC), a means by which individuals from around the world can signal their privacy preferences to a wide variety of online websites without having to manually visit each of these websites, has been gaining popularity and traction among privacy advocates and consumers alike. Due to this fact, many popular online search engines, including Mozilla’s Firefox, in addition to others, have implemented GPC capabilities into their browser updates in recent years, with the aim of providing consumers with an additional way by which they can safeguard their personal data. Nevertheless, there are certain legal hurdles that stand in the way of consumers utilizing GPC when securing their personal data as it pertains to the U.S.
U.S. state privacy laws
Due to the fact that the U.S. had yet to pass federal a comprehensive data protection law, the level of privacy that a resident of a given U.S. state will have tangible access to will be largely dependent on the specific privacy laws that are on the book within the state in which they reside. To illustrate this point further, popular French beauty retailer Sephora was recently fined $1.2m by California State Attorney General Rob Bonta for violating the California Privacy Rights Act (CCPA). These privacy violations were largely rooted in targeted advertising, as Sephora was alleged to have used the personal information of their respective customers to drive ad revenue without first obtaining the consent of these customers.
With all this being said, Attorney General Rob Bonta was quoted as saying that “Opting out of the sale of personal information should be easy for consumers, and the GPC is one option for consumers who want to submit requests to opt-out of the sale of personal information via a user-enabled global privacy control,” according to the FAQ section of the attorney general’s CCPA webpage. “Under law, it must be honored by covered businesses as a valid consumer request to stop the sale of personal information.” To this last point, consumers within California that are looking to protect their privacy through the use of GPC are supported by the CCPA, and this support has only been reinforced by Rob Bonta’s recent enforcement decision.
However, despite the legal victories that were recently won in the state of California as it pertains to data privacy and GPC, the inevitable reality is that only a few states within the U.S. have enacted data protection legislation that guarantees citizens the right to object to the sale of their personal data. Likewise, this fact highlights the role that legislation plays in matters such as data protection and personal privacy, as any potential method or technique that a consumer might take advantage of when looking to secure their personal data is all but useless without an accompanying law that major businesses and organizations are obligated to abide by when conducting business in the state in which they reside.
Data privacy in Europe
On the other hand, despite the fact that the EU’s GDPR is currently considered to be one of the most stringent and far-reaching data protection laws in the world, the legal right of data subjects to protect themselves against privacy breaches and violations by using GPC remains ambiguous at best. To this end, the U.K. Information Commissioner’s Office (ICO) posted an opinion concerning GPC last month which posited that “the tool “does not at this time appear to offer a means by which user preferences can be expressed in a way that fully aligns” with data protection requirements in the U.K., according to the opinion. Those requirements include the U.K. General Data Protection Regulation, or U.K. GDPR; the Data Protection Act 2018; and the Privacy and Electronic Communications Regulations 2003.”
Through this opinion that was set forth by the UK’s ICO, consumers within Europe are facing the opposite problem as it concerns GPC when compared with consumers in the U.S. Due to the multitude of data protection laws that have been passed within the UK in the last 20 years, the use of GPC must be viewed in the context of this web of privacy laws, meaning that it would be difficult to use a single tool to comply with these numerous forms of legislation. Instead, data protection violations in both the UK and the other current EU members are largely governed by the UK GDPR and the GDPR respectively, as the major data protection authorities within these jurisdictions are tasked with providing citizens with the assurance that their personal data is being protected at all times.
While the idea of personal privacy throughout human history has generally been relegated to those who could afford to seclude themselves from mainstream society, be it financially or socially, the digital nature of online communication and commerce has completely changed this notion. Subsequently, any consumer that uses the internet in any way will be creating a digital footprint that will contain various forms of personal information pertaining to them, and businesses and organizations will work to collect this information in order to generate profits. This being the case, while GPC can by no means be an all-encompassing solution to data privacy, the tool undoubtedly provides consumers with a method they can use to protect their personal data at their sole discretion.