Skip to Main Content
Main Menu
Articles

Global Privacy Control and Known User Consent: Technical Brief

Businesses can build trust with consumers (whether they’re existing or potential customers) by demonstrating they respect every individual’s privacy rights – and by making it as easy as possible for consumers to choose whether they opt in or opt out of their personal information being used to deliver targeted services and marketing.

In California, businesses must get a consumer’s consent to share or sell their personal information – before this data is collected. CCPA/CPRA gives consumers the right to change their mind and withdraw consent (opt out) via forms on websites and apps or when a Global Privacy Control (GPC) signal is detected.

Tech Explained: What is Global Privacy Control?

The GPC was designed to make it easy for individuals to tell businesses, “Do not sell or share my personal information”.

It works as a universal opt-out mechanism to save consumers from having to click through notices or locate opt-out forms or pop-ups on individual websites they visit. They simply set up an Opt-out signal once in their preferred web browser or extension that supports GPC, such as Disconnect, DuckDuckGo Privacy Browser, Firefox, or Privacy Badger by the Electronic Frontier Foundation, and the extension helps them automatically exercise their privacy rights.

Privacy Laws with Global Privacy Control Requirements

The California Consumer Privacy Act (CCPA) and its amendments under the California Privacy Rights Act (CPRA) require businesses to respect consumers’ right to opt out from having their personal information sold or shared by a business to any other business.

The CCPA regulations (§999.315) explicitly state “a business shall provide two or more designated methods for submitting requests to opt out, including an interactive form … and user-enabled global privacy controls, such as a browser plug-in or privacy setting, device setting, or other mechanism, that communicate or signal the consumer’s choice to opt-out of the sale of their personal information”.

Other regulations, such as the Colorado Privacy Act and the European Union’s GDPR, are also set to include Global Privacy Control as an enforceable universal opt-out mechanism. The EU’s GDPR, like California’s CCPA/CPRA, already requires businesses to get opt-in consent from consumers.

In Colorado, businesses must give consumers easy access to opt-out mechanisms via privacy notices and in other conspicuous locations. From July 1, 2024, under the Colorado Privacy Act consumers will have the right to signal opt out from targeted advertising, profiling, and sale/sharing of their personal data via (the Act’s terminology) a ‘Universal Opt-Out Mechanism’ – such as Global Privacy Control – which will be enforceable in the state.

TrustArc Technologies with ‘GPC detected’ and ‘Known User’ Features

TrustArc is very focused on helping businesses build and maintain positive customer relationships by providing best practices and compliant privacy consent management technologies.

TrustArc Customer Consent Preference Manager

We continue to develop new features in TrustArc’s Consent & Preference Manager to help businesses streamline the consent preference experience for customers, while staying abreast of updates to privacy laws such as CCPA/CPRA with our centralized privacy regulation compliance platform.

TrustArc Financial Incentive Notice Service

The CCPA regulations state: “If a global privacy control conflicts with a consumer’s existing business-specific privacy setting or their participation in a business’s financial incentive program, the business shall respect the global privacy control but may notify the consumer of the conflict and give the consumer the choice to confirm the business-specific privacy setting or participation in the financial incentive program.”

Configurable by TrustArc account managers, our Financial Incentive Notice gives customers easy-to-understand choices about a financial incentive program that requires opt in to trackers:

  • Do not Participate – and therefore opt out of the financial incentive program and related tracking; or
  • Continue to participate – keeping the customer enrolled in the financial incentive program and therefore allowing the business to track the customer so it can continue to deliver marketing, discounts and/or other customer loyalty benefits.

TrustArc Cookie Consent Manager – Unique Known User Feature

TrustArc’s Cookie Consent software accelerates the set up and management of complex cookie activities for businesses across all domains while ensuring compliance with privacy laws in all countries they operate in.

Cookie Consent Manager includes features such as auto-detect for Global Privacy Control (GPC) signals – and the world’s first CCPA/CPRA-compliant Known User feature.

TrustArc’s Known User Feature addresses the CPRA amendments to CCPA that becomes enforceable on March 29, 2024, which requires businesses to record and remember a consumer’s consent preferences across every device and browser they might use to provide a frictionless experience.

The California Privacy Agency noted on February 3, 2023, in its Final Statement of Reasons: “Subsection (c)(1) has been modified to add language that the opt-out preference signal shall be treated as a valid request to opt out of sale/sharing for any consumer profile, including pseudonymous profiles, that are associated with the browser or device for which the opt-out preference signal is given.

“Additional language has also been included to further clarify that, if known, a business is also required to treat the opt-out preference signal as a valid request to opt-out of sale/sharing for the consumer.

“This change is necessary to address the realities of how the internet works, i.e., sometimes the business may only know the consumer pseudonymously and other times they may match the online actions with an offline consumer. This modification ensures that the opt-out preference signal applies to both situations.”

 

graphic depicting the order consent preference storage between logged in vs. logged out users in Safari and Firefox

TrustArc solves the challenge of identifying customers and respecting their choices across devices and browsers with a Known User feature in our proprietary technology, which can be configured by a TrustArc Technical Account Manager on behalf of your business to ensure a frictionless consent choice experience for your customers – and compliance with CCPA amendments under CPRA.

Get Help from TrustArc For Managing GPC Signals and Known User Consent

TrustArc’s privacy experts are committed to helping businesses understand and address privacy law updates – such as CCPA/CPRA rules when a GPC signal is detected – with a comprehensive and easy-to-search database of TrustArc Privacy Insights.

Get the latest resources sent to your inbox

Subscribe
Back to Top