What is Global Privacy Control (GPC)?
Global Privacy Control (GPC) is a Universal Opt-Out Mechanism (UOOM) that allows users to communicate their privacy preferences automatically to websites.
When GPC is enabled in a browser, it sends a signal indicating that the user:
- does not want their personal data to be sold or shared
- does not want to be tracked across websites
Users can enable GPC:
- directly in supported browsers (for example, Brave)
- through a browser extension if the browser does not support GPC natively
GPC helps websites respect privacy rights defined in regulations such as:
- California Consumer Privacy Act (CCPA)
- California Privacy Rights Act (CPRA)
- other U.S. state privacy laws
How the Usercentrics CMP Handles the GPC Signal
When a GPC signal is detected from a browser or browser extension, the CMP applies the following logic:
- If the user has not interacted with the banner (implicit consent). The GPC signal is honored. The user is automatically opted out, and the CMP displays the message: “The GPC signal is honoured.”
- If the user has previously interacted with the banner (explicit consent). The GPC signal is ignored, and the previously stored consent choice remains valid.
- If the user updates their consent manually through the Privacy Link or Privacy Button, the manual interaction overrides the GPC signal.
Supported Frameworks
GPC signal recognition is enabled by default across all supported U.S. privacy frameworks within the product.
The GPC signal is also supported when using the following frameworks:
- GDPR framework (opt-in model)
This allows organizations to honor GPC signals even when using an opt-in consent model, such as GDPR.
Configuration
While GPC is enabled by default for US-based frameworks, you must manually toggle it for the GDPR template if you wish to honor the signal for European traffic.
A feature toggle is available in the Admin Interface.
- Default value: FALSE
- When enabled, the CMP will always honor the GPC signal for opt-in frameworks
When this configuration is relevant
This feature is relevant for customers who:
- use an opt-in consent framework (for example GDPR) in the United States
- operate across EU/EEA and U.S. jurisdictions
- want to standardize consent implementation across regions