global-privacy-control

Installation
SKILL.md

Implementing Global Privacy Control (GPC)

Overview

Global Privacy Control (GPC) is a browser-level signal that communicates a user's privacy preference to opt out of the sale or sharing of their personal information. The GPC specification defines both an HTTP header (Sec-GPC: 1) and a JavaScript API (navigator.globalPrivacyControl) for transmitting this signal.

Under California Privacy Rights Act (CPRA) Section 1798.135(e), businesses must treat GPC signals as valid opt-out requests. The California Attorney General confirmed this enforcement position in the Sephora settlement (August 2022, $1.2 million fine), which was the first enforcement action involving GPC signals.

Legal Requirements by State

California — CPRA (effective January 1, 2023)

  • Section 1798.135(e): A business that collects consumers' personal information shall treat the consumer's use of an opt-out preference signal as a valid request to opt out of sale/sharing under Section 1798.120.
  • AG Regulation 11 CCR 7025(b): If a business collects personal information from consumers online, the business shall treat an opt-out preference signal as a valid request to opt-out of sale/sharing for that browser or device and any consumer profile associated with that browser or device.
  • Sephora Settlement (August 2022): California AG fined Sephora $1.2 million for failing to honor GPC signals, among other violations.

Colorado — Colorado Privacy Act (CPA, effective July 1, 2024)

Installs
11
GitHub Stars
187
First Seen
May 26, 2026
global-privacy-control — mukul975/privacy-data-protection-skills