Announcing Global Privacy Control: Making it Easy for Consumers to Exercise Their Privacy Rights
Announcing Global Privacy Control: Making it Possible for Consumers to Easily Exercise Their "Do Not Sell" Rights Under CCPA
With the introduction of privacy regulations such as the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR), consumers have more rights to limit the sale and sharing of their personal data than ever before. CCPA in particular gives California residents a legal right to opt out of the sale of their data and requires businesses to respect user preferences through a signal from their web browser communicating the consumer’s request to opt out.
While this is great progress, it doesn't amount to much if it is hard for people to take advantage of their new rights. Today, there is no defined or accepted technical standard for how such a web browser signal would work. Without that, users don't have an easy way to express their preferences.
One provision of our regulations intended to facilitate the submission of a request to opt-out of sale by requiring businesses to comply when a consumer has enabled a global privacy control at the device or browser level, which should be less time-consuming and burdensome. I urge the technology community to develop consumer-friendly controls to make exercise of the right to opt out of the sale of information meaningful and frictionless.
This effort, initially spearheaded by Ashkan Soltani (Georgetown Law) and Sebastian Zimmeck (Wesleyan University) now includes The New York Times, The Washington Post, Financial Times, Automattic (WordPress.com & Tumblr), Glitch, DuckDuckGo, Brave, Mozilla, Disconnect, Abine, Digital Content Next (DCN), Consumer Reports, and the Electronic Frontier Foundation (EFF).
In the initial experimental phase, individuals can download browsers and extensions from Abine, Brave, Disconnect, DuckDuckGo, and EFF in order to communicate their "do not sell or share" preference to participating publishers. Additionally, we are committed to developing GPC into an open standard that many other organizations will support and are in the process of identifying the best venue for this proposal.
We look forward to working with AG Becerra to make GPC legally binding under CCPA. At the same time, we are exploring GPC’s applicability and functionality with regard to other similar laws worldwide, such as the GDPR. We are excited about the prospect of empowering people with an easy-to-use tool to exercise their privacy rights.
Quotes from Participating Orgs
We believe consumers rights to online privacy must be expanded. And it is equally importantly to make online privacy easier for people. The combination of legislation and enforcement, protocols like the Global Privacy Control, as well as simple auditable privacy tools for consumers and the organizations they interact with, all play critical parts in realizing Privacy 2.0. Abine's Blur and DeleteMe products and services will actively support initiatives like the GPC and other experiments to strengthen and clarify approaches that can deliver results.
Brave is about putting users in charge of their online experience and building products that incorporate privacy by default, so we're excited to launch GPC alongside our partners to give users the control they deserve. The Web needs such standards to continue being what it was meant to be, and we look forward to the wide dissemination of GPC across publisher sites and consumer tech to strengthen the global rise of the privacy wave.
Consumer Reports is committed to finding novel and practical solutions to safeguard our privacy. While the CCPA offers Californians important new rights, it's just not practical to opt out of data sales on a site-by-site basis. We are proud to work on this project to offer universal controls to make data rights more manageable for consumers.
As new privacy laws around the globe catch up to public expectations, we’re proud to work with such an esteemed group of privacy-forward leaders to experiment with technical solutions which reduce friction and increase trust between a user and the sites they choose to interact. The GPC is intended to be a simple, easy-to-use solution with immediate utility in California as now required by law.
Exercising our privacy rights under the CCPA should be easy. The GPC signal has the potential to empower people to automatically opt out of the sale of their data globally, rather than manually researching complicated opt out processes and sending requests to one site or service at a time.
Getting privacy online should be simple and accessible to everyone, period. Global Privacy Control (GPC) takes us one step closer to making this vision a reality by creating a simple universal setting for users to express their preference for privacy. DuckDuckGo is proud to be a founding member of this effort and starting today, the GPC will be launching in our mobile browser and desktop browser extensions, making the setting available to over ten million consumers.
EFF is excited to deploy GPC as part of Privacy Badger. It is critical for people to have easy-to-use and easy-to-understand technical tools to exercise their privacy rights. GPC is both, and can work alongside existing privacy-protective tools.
Glitch is all about making things easy for developers; we can’t wait to make it easy for devs to build apps that lead the way in respecting user privacy. Consumers have the right to limit how their data is accessed and used. Developers and technologists should design experiences so that exercising those rights is easy and universal. The GPC is hopefully the first of many steps we'll take as an industry to promote greater privacy on the web.
Mozilla is pleased to support the Global Privacy Control initiative. People’s data rights must be recognized and respected, and this is a step in the right direction. We look forward to working with the rest of the web standards community to bring these protections to everyone.