Data Privacy Could Become Easier Thanks to Global Privacy Control Group

A new initiative is hoping to simplify the process by which internet users can complete data privacy requests.

The Global Privacy Control Group (GPC), an organization created by companies including DuckDuckGo and Mozilla — creator of Firefox — has announced the beta launch of an extension that signals privacy requests to publishers and websites.

GPC is already integrated into a few privacy-focused browsers — like DuckDuckGo and Brave. It’s also available as an extension for some of the more popular browsers, like Chrome.

Can GPC Protect Your Data In Ways “Do Not Track” Couldn’t?

The initiative is similar in some ways to Do Not Track from 2009, which attempted, through your browser, to communicate tracking preferences. That initiative didn’t gather much steam and was ignored by most companies.

The GPC, though, is a little bit different — it has laws on its side. Specifically, the California Consumer Privacy Act (CCPA), which gives people the ability to opt out of having their data sold. Though the law is nominally restricted to California residents, its scope means that people will be affected nationwide.

The GPC is also more powerful than cookie blockers, which don’t control data that you willingly provide to companies.

Many of these Companies Don’t Want You to Opt Out

The CCPA took effect on January 1 of this year. You may have noticed a slew of emails in your inbox around that time stating that various companies’ privacy policies had changed.

Companies also have to give you a way to tell them you don’t want your data being sold. Many are making that as hard as possible by hiding links in difficult-to-find places. But the GPC’s extension will be easy, and companies should be obligated to follow users’ requests. The New York Times and Washington Post, for example, have already announced they’ll honor opt-outs.

Do People Really Care About Data Privacy?

Well, they definitely should. And by many accounts it appears people are concerned. So far, though, the results are mixed in terms of how that relates to actions. 

In a recent Pew poll, 79% of respondents said they were concerned about how companies are using the data they collect. But 59% also reported that they “have very little/no understanding about what [a company] does with the data collected. And privacy extension company Abine, which integrates GPC, told website Search Engine Land that in its first week, only 32% of its users activated “Do Not Sell.” There’s a danger that despite their concern, users feel too overwhelmed to take action. If you’ve ever clicked “Allow All Cookies” to quickly navigate away from a pop-up, then you can relate.

So far, only a few companies have come out and said they’ll go by GPC requests. Others are still going to rely on their own links. And though fines are on the table as punishment, they won’t be doled out unless the California Attorney General deems the specification legally binding. There’s also some hedging of what counts as a “sale,” though the specification could change from “Do Not Sell” to “Do Not Sell Or Share” if California’s Proposition 24 is passed this year.

Regardless of its ultimate success, GPC looks to be worth a shot. Even if it ends up not having a lot of teeth, it’s an easy way for people to signal their privacy concern to companies. Hopefully it does end up being effective in limiting the amount of personal data that’s sold. 

If nothing else, the GPC will keep the data privacy conversation alive.