Global Privacy Control (GPC)

Global Privacy Control (GPC) is a browser signal indicating the visitor’s preference to opt out of sale/sharing and similar tracking. When you enable GPC support in Cookie Compliance, the signal is honored before any interaction: the session starts in a protected state where marketing/personalization purposes are held off by default. The banner still appears and the visitor can choose Private, Balanced, or Personalized—but until they explicitly opt in, the stricter defaults remain in place.

Why GPC Matters

In the context of privacy regulations, GPC is particularly relevant under:

California Privacy Laws (CCPA/CPRA)

The CPRA (California Privacy Rights Act) explicitly states that businesses must honor a user-enabled Global Privacy Control. Ignoring GPC when it is enabled can be considered a violation of the law.

EU GDPR (General Data Protection Regulation)

While not officially recognized under GDPR yet, GPC aligns with GDPR’s principles of consent and data minimization. It could, in the future, be interpreted as a signal of consent refusal, especially if implemented in a clear and informed manner.

Other US State Privacy Laws

Some laws (e.g., Colorado Privacy Act, Connecticut Data Privacy Act) will require businesses to honor universal opt-out mechanisms, which could include GPC.

How it fits with Purpose Categories and Access Levels

GPC is not a geofence and not consent by itself; it’s a preference signal. It acts before any user interaction and narrows what’s allowed by default:

  • Purpose Categories — GPC pushes Ad Personalization (and any categories you associate with sale/sharing or cross-site tracking) to off by default. Basic Operations stay on; Site Optimization and Content Personalization follow your policy posture.
  • Access Levels — The visitor can still choose Private, Balanced, or Personalized. With GPC present, Private and Balanced behave the same as usual; Personalized remains available, but runs only if the visitor explicitly accepts it.

This keeps the model simple: GPC sets the guardrails; the visitor’s selection makes the final call within those guardrails.

Enable GPC support

How to activate:

  1. Go to Configuration and open the Consent section.
  2. Toggle Enable GPC Support On.
  3. Save/Publish your changes.

Cookie Compliance - Global Privacy Control (GPC)

What this toggle does:

  • When a browser sends a Global Privacy Control (GPC) signal, Cookie Compliance treats it as an opt-out preference and starts with a conservative default: anything mapped to sale/sharing or cross-site tracking (typically Ad Personalization) is off until the visitor explicitly opts in.
  • The banner still appears as usual; no Access Level is preselected. Visitors can choose Private, Balanced, or Personalized—their selection takes precedence and is enforced by Autoblocking.
  • Your configured consent modes (Google Consent Mode, Meta (Facebook) Consent Mode, Microsoft Consent Mode) read the same resulting consent state; nothing “leaks” before consent.

What it does not do:

  • It doesn’t change your Purpose Categories; it only applies your existing mapping under a present session.
  • It doesn’t hide the banner or silently accept/reject on the user’s behalf.

Quick terminology

Global Privacy Control (GPC) — a browser signal indicating a user’s opt-out preference for sale/sharing and cross-site tracking.

Purpose Categories — the “why” behind a service (e.g., Basic Operations, Site Optimization, Content Personalization, Ad Personalization).

Access Levels — visitor-friendly presets over those purposes (Private, Balanced, Personalized).

Do Not Sell/Share — a U.S. opt-out concept some policies expose to visitors.

Still need help? Contact Us Contact Us

Related Articles