November 22, 2024

U.S. Privacy and Data Protection | Insights | Nov. 2024 (State Law)

Portrait Liana Chen
By Liana Chen

Partner

What is Global Privacy Control?

Global Privacy Control (GPC) is a browser setting that allows users to automatically communicate their desire to opt out of the sale or sharing of their personal information such as through marketing cookies. When enabled, GPC sends a signal to websites indicating the user's privacy preferences, essentially functioning as a universal opt-out mechanism. Businesses using cookies should take note of emerging GPC trends.

California's Stance on GPC

The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), requires businesses to honor "opt-out preference signals" like GPC. This means that if a user has GPC enabled in their browser, businesses must treat this as a valid request to opt out of the sale or sharing of their personal information (which California broadly defines as including things like marketing and analytics cookies). This aligns with the trend and requirements for cookie consents in the EU/UK and other state legislation.

Recent Regulatory Actions

The Sephora Case

Back in 2022, Sephora settled with the California Attorney General for $1.2 million, including for allegations that it failed to process opt-out requests made through GPC. This case set a precedent for enforcing GPC compliance under the CCPA.1

CPPA Enforcement Advisory

In 2024, the California Privacy Protection Agency (CPPA) Enforcement Division issued its first advisory, emphasizing the importance of honoring GPC signals. This advisory serves as a clear indication that the CPPA is taking GPC compliance seriously.2

How to Comply with GPC Requirements

To ensure compliance with GPC and growing privacy laws, businesses should:

  • Detect GPC Signals: Implement technical measures to recognize GPC signals from users' browsers.3
  • Honor Opt-Out Requests: Treat GPC signals as valid opt-out requests for the sale or sharing of personal information (by 15 business days under the CCPA).
  • Update Privacy Policies: Clearly disclose how your business processes GPC signals in your privacy policy.
  • Train Staff: Ensure that relevant personnel understand GPC and how to handle related consumer requests.
  • Audit Data Practices: Regularly review your data collection, use, and sharing practices to ensure alignment with GPC requirements.
  • Document Compliance: Maintain records of your GPC compliance efforts, including how you process and respond to GPC signals.

Conclusion

As privacy regulations continue to evolve, businesses marketing or selling goods or services online, including in California, should stay informed about GPC requirements.

Kronenberger Rosenfeld, LLP regularly advises clients regarding data and privacy compliance. Contact our firm using our online case submission form.

This entry was posted on Friday, November 22, 2024 and is filed under Privacy and Data Protection Updates, Internet Law News.



Related articles

Privacy & Cybersecurity

How to Keep Up With New Privacy Laws

There has been a wave of emerging and detailed privacy laws from the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"), to the General...

Read Article

Privacy & Cybersecurity

U.S. Privacy and Data Protection | Insights |

FTC Brings Enforcement Action Against Hotel Chain After experiencing multiple large-scale data breaches, Marriott International, Inc. and its subsidiary Starwood Hotels & Resorts Worldwide LLC have agreed to a significant...

Read Article

Privacy & Cybersecurity

U.S. Privacy and Data Protection | Insights |

Dark Patterns For any business collecting user data, it's crucial to stay informed about the evolving regulatory landscape surrounding "dark patterns" in advertising and data privacy and security practices. Recent...

Read Article

Privacy & Cybersecurity

U.S. Privacy and Data Protection | Insights |

If your business is grappling with advertising or data privacy law issues, understanding the latest developments from the Federal Trade Commission (FTC) could be crucial. This is especially important for...

Read Article
Get the help you need.

We offer legal advice on a wide range of online topics

Get legal help now

Not seeing what you’re looking for?

Submit your case in 3 minutes and get legal help fast.

Submit your case online

OR

Give us a call
Join our mailing list

Stay ahead of legal matters

The internet moves fast. We'll keep you informed.