Today, we’re announcing that the upcoming release of Privacy Badger will support the Global Privacy Control, or GPC, by default.

GPC is a new specification that allows users to tell companies they'd like to opt out of having their data shared or sold. By default, Privacy Badger will send the GPC signal to every company you interact with alongside the Do Not Track (DNT) signal. Like DNT, GPC is transmitted through an HTTP header and a new Javascript property, so every server your browser talks to and every script it runs will know that you intend to opt out of having your data shared or sold. Compared with ad industry-supported opt-out mechanisms, GPC is simple, easy to deploy, and works well with existing privacy tools.

DNT vs. GPC

Do Not Track is an older proposed web standard, meant to tell companies that you don't want to be tracked in any way. (Learn more about what we mean by "tracking" here). Privacy Badger was built around DNT, and will continue to send a DNT signal along with every request your browser makes. Privacy Badger gives third-party companies a chance to comply with DNT by adopting EFF’s DNT policy, and blocks those that look like they're tracking you anyway.

If DNT already expresses your intent to opt out of tracking, why do we need GPC? When DNT was developed, many websites simply ignored users’ requests not to be tracked. That's why Privacy Badger has to act as an enforcer: trackers that don't want to comply with your wishes get blocked. Today, users in many jurisdictions, including California, Nevada, and the European Economic Zone, have the legal right to opt out of some kinds of tracking. That's where GPC comes in. 

GPC is an experimental new protocol for communicating opt-out requests that align with privacy laws. For example, the California Consumer Privacy Act gives California residents the right to opt out of having their data sold. By sending the GPC signal, Privacy Badger is telling companies that you would like to exercise your rights. And while Privacy Badger only enforces DNT compliance against third-party domains, GPC applies to everyonethe first-party sites you visit, and any third-party trackers they might invite in.

GPC is a new proposal, and it hasn't been standardized yet, so many sites will not respect it right away. Eventually, we hope GPC will represent a legally-binding request to all companies in places with applicable privacy laws.

To stop tracking, first ask, then act

The CCPA and other laws are not perfect, and many of our users continue to live in places without strong legal protections. That’s why Privacy Badger continues to use both approaches to privacy. It asks websites to respect your privacy, using GPC as an official request under applicable laws and DNT to express what our users actually want (to opt out of all tracking). It then blocks known trackers, who refuse to comply with DNT, from loading at all.

Starting this release, Privacy Badger will begin setting the GPC signal by default. Users can opt out of sending this signal, along with DNT, in their Privacy Badger settings. In addition, users can disable Privacy Badger on individual first-party sites in order to stop sending the GPC signal to those sites.