from ars technica
Anyone who remembers Do Not Track—the initiative that was supposed to allow browser users to reclaim their privacy on the Web—knows it was a failure. Not only did websites ignore it, using it arguably made people less private because it made them stick out. Now, privacy advocates are back with a new specification, and this time they’ve brought the lawyers.
Under the hood, the specification, known as Global Privacy Control, works pretty much the same way Do Not Track did. A small HTTP header informs sites that a visitor doesn’t want their data sold. The big difference this time is the enactment of the Consumer Privacy Act in California and, possibly, the General Data Protection Regulation in Europe, both of which give consumers broad rights over how their private information can be used.
At the moment, California residents who don’t want websites to sell their data must register their choice with each site, often each time they visit it. That’s annoying and time-consuming. But the California law specifically contemplates “user-enabled global privacy controls, such as a browser plug-in or privacy setting,” that signal the choice. That’s what the Global Privacy Control—or GPC—does.
“It’s the goal of this effort to help define a mechanism that could satisfy, initially, CCPA’s requirement for a ‘global privacy control,’” Ashkan Soltani, the privacy researcher who helped lead the initiative, said. But he said GPC “is extensible to apply to other privacy laws, such as GDRP, should policymakers deem it adequate for exercising those rights in those jurisdictions.”