Skip to main content

The digital switch that blocks all websites from selling your personal data

Whenever you visit a website, it sets off a chain of modules that are programmed to make the most out of your data. In many cases, that means your personal information is put up for sale and sold to advertisers, marketing firms, and data brokers. Last year alone, U.S companies spent nearly $12 billion on acquiring such third-party audience data.

California’s sweeping new privacy law, the California Consumer Privacy Act (CCPA) — which went into effect at the beginning of this year — wants to crack down on this practice by offering Californians the right to opt out of the sale of their data. Businesses under this jurisdiction are also legally required to have an option on their websites that allows visitors to easily exercise this do-not-sell request and those that don’t can face fines and official inquiries.

But of course, no one wants to deal with another button or pop-up each time they visit a website. That’s where the Global Privacy Control (GPC) initiative comes in.

A not-for-sale sign on your private data

The Global Privacy Control, developed by a group of privacy-focused companies and researchers, is a technical standard that will act as a global setting so that you can opt out of the sale of your data everywhere on the internet with a flip of a common switch. This tool will come built into your browser and send a signal to CCPA-compliant websites telling them you don’t want your personal information on sale.

The GPC, which is in beta at the moment, is not yet enforced under the CCPA law. But in recent testimony, California Attorney General Xavier Becerra has detailed a provision in this law that would eventually facilitate a global opt-out switch like the Global Privacy Control. Later, in a tweet and in a statement to Digital Trends, Becerra further acknowledged and expressed support for the Global Privacy Control.

This proposed standard is a first step towards a meaningful global privacy control that will make it simple and easy for consumers to exercise their privacy rights online.
#DataPrivacy is the future, and I am heartened to see a wave of innovation in this space.

— Xavier Becerra (@AGBecerra) October 7, 2020

“We believe getting privacy online should be simple and accessible to everyone, period,” Peter Dolanjski, director of products at DuckDuckGo, one of the early backers of the Global Privacy Control, told Digital Trends. “Global Privacy Control adds an additional layer of privacy protection which is simple to enable and intended to be backed by legal enforcement, starting with the CCPA and expanding to other jurisdictions over time.”

Succeeding where Do Not Track failed

“Legally” is indeed the key word here. For years, privacy advocates have been waging a war against internet and data companies to secure fundamental security rights and push back against invasive online practices that commercialize people’s private information. Without a law to back them up, however, most of these efforts have fallen through the cracks or only achieved low-impact results.

The decade-old Do Not Track specification is the epitome of this. Since it was never made mandatory by law, it didn’t actually do anything in reality and businesses simply ignored it and continued to track users as they pleased. Eventually, many tech companies like Apple just gave up and even removed the Do Not Track option from their services.

Even if Do Not Track had passed, it never had the technological infrastructure it needed to be truly effective. Let’s be real: How often do we bother to read the General Data Protection Regulation (GDPR) warnings and confirmations thrown at us by websites? In fact, a study by DataGrail revealed that since the CCPA went live on January 1, 2020, only 82 “do not sell” requests were sent for every million consumer records.

The Global Privacy Control theoretically suffers from none of these concerns. It already has a legal backbone in California, and it’s embraced by a notable cohort of organizations including Mozilla, Brave, the Electronic Frontier Foundation (EFF), Automattic (WordPress and Tumblr), The New York Times, and more.

As the GPC signal runs automatically in the background, people won’t have to hunt down and toggle an option themselves. In its beta release, the Global Privacy Control has been rolled out to a handful of platforms, and you can try it today on DuckDuckGo, Brave, Google Chrome (thanks to the EFF’s add-on, called Privacy Badger), and more.

Privacy Badger Global Privacy Control
Image used with permission by copyright holder

Kelvin Coleman, the executive director of the National Cyber Security Alliance (NCSA), believes GPC’s legal buffers will help it legitimize its goals, as opposed to “Do Not Track” which was “rolled out in a vacuum.”

“With CCPA and GDPR existing as legal precedents, companies are forced to navigate a minefield of compliance issues and heavy fines if they’re not careful about how they handle user data. This creates more incentive to accept GPC in the long run,” Coleman said.

Not the silver bullet yet: The long, grueling road ahead

However, security researchers warn that it will take years before the Global Privacy Control materializes on a wide scale and, even then, it may not be the silver bullet for egregious online data abuses. More importantly, the GPC’s legal scope, assuming it’s bound in the CCPA, is limited to California. On top of that, it doesn’t apply to data shared with nonprofits, government agencies, and businesses that make less than $25 million in revenue.

Sebastian Zimmeck, one of the founding members of the GPC and a computer science professor at Wesleyan University, remains optimistic and argues that while California currently is a major use case, the technology behind it is law-agnostic and can be bent to have varied legal bindings depending on how other jurisdictions draft their privacy legislation in the future.

DuckDuckGo’s Dolanjski adds that the consortium is also talking to “various parties in the European Union” to integrate the Global Privacy Control with GDPR.

The European Data Protection Supervisor, GDPR’s official privacy watchdog, didn’t comment on whether it’s exploring GPC partnerships, but it said in a statement that it welcomes “privacy-oriented initiatives that may have a positive impact on a more sustainable digital economy and that promote competition in the field of technology in an era of growing digitization.”

Another shortcoming that could cripple the GPC’s success is that unless it’s activated on each one of your browsing sessions on all of your devices, it will have little effect on your online privacy. You see, the Global Privacy Control signal is beamed every time you visit a website. It’s not universally activated on your profile.

“Our information is at risk more than ever, and the GPC could be the steppingstone we need for enabling a future where privacy is a legal right, not a personal choice.”

So for instance, you can ask a particular site on your computer to not sell your data with GPC. But when you go to that site again on your phone, where GPC may not be available yet, the business is free to misuse your private information.

Peter Snyder, a senior privacy researcher at Brave, sees the GPC as a floor and hopes that responsible websites, companies, and advertisers will use it “as part of a multifaceted approach to make sure they are ethically and responsibly respecting users and user privacy” including automatically applying it to all sessions if the visitor has an account with them.

Then there’s the conflict question. What if the site already has your consent to sell your private information in its Privacy Policy?

How the GPC adapts to the cobweb of permissions and pop-ups websites requests remains to be seen once more participants get on board. But Zimmeck suggests this will depend on the law. The CCPA, for instance, dictates that businesses must respect the opt-out signal no matter what and, if needed, notify or reach out to the customer to resolve any specific disputes.

Despite its flaws, the Global Privacy Control appears promising and potentially the best shot yet at cutting back data misuse online. Our information is at risk more than ever, and the GPC could be the steppingstone we need for enabling a future where privacy is a legal right, not a personal choice.

“Until there’s a wider collective of participating publishers, businesses, and websites — coupled with sufficient legal enforcement — the GPC will continue to be an ideal with limited range,” said NCSA’s Coleman. “But that ideal shows real promise in the face of greater adoption.”

Shubham Agarwal
Shubham Agarwal is a freelance technology journalist from Ahmedabad, India. His work has previously appeared in Firstpost…
4 simple pieces of tech that helped me run my first marathon
Garmin Forerunner 955 Solar displaying pace information.

The fitness world is littered with opportunities to buy tech aimed at enhancing your physical performance. No matter your sport of choice or personal goals, there's a deep rabbit hole you can go down. It'll cost plenty of money, but the gains can be marginal -- and can honestly just be a distraction from what you should actually be focused on. Running is certainly susceptible to this.

A few months ago, I ran my first-ever marathon. It was an incredible accomplishment I had no idea I'd ever be able to reach, and it's now going to be the first of many I run in my lifetime. And despite my deep-rooted history in tech, and the endless opportunities for being baited into gearing myself up with every last product to help me get through the marathon, I went with a rather simple approach.

Read more
This bracelet helps you fall asleep faster and sleep longer

This content was produced in partnership with Apollo Neuroscience.
Have you been struggling to get the recommended seven hours of sleep? It's always frustrating when you get in bed at a reasonable time, then toss and turn for a hours before you actually sleep. The quality of that sleep is important too. If you're waking up multiple times during the night, you're likely not getting the quality REM cycle sleep that truly rejuvenates your body. If traditional remedies like herbal teas and noise machines just aren't helping, maybe it's time to try a modern solution. Enter the Apollo wearable.

Now we understand being a little skeptical. How can a bracelet on your wrist or ankle affect your sleep patterns? Certainly the answer to a better night's sleep can't be so simple. We considered these same things when we first heard of it. We'll dive deeper into the science behind the Apollo wearable, but suffice it to say that many people have experienced deeper, uninterrupted sleep while wearing one.
A non-conventional approach to better sleep

Read more
The 11 best Father’s Day deals that you can get for Sunday
Data from a workout showing on the screen of the Apple Watch Series 8.

Father's Day is fast approaching and there's still time to buy your beloved Dad a sweet new device to show him how much you love him. That's why we've rounded up the ten best Father's Day tech deals going on right now. There's something for most budgets here, including if you're able to spend a lot on your loved one. Read on while we take you through the highlights and remember to order fast so you don't miss out on the big day.
Samsung Galaxy Tab A8 -- $200, was $230

While it's the Plus version of the Samsung Galaxy Tab A8 that features in our look at the best tablets, the standard variety is still worth checking out. Saving your Dad the need to dig out their laptop or squint at a small phone screen, the Samsung Galaxy Tab A8 offers a large 10.5-inch LCD display and all the useful features you would expect. 128GB of storage means plenty of room for all your Dad's favorite apps as well as games too. A long-lasting battery and fast charging save him the need for a power source too often too.

Read more