What Does the Global Privacy Control (GPC) Mean for Online Retailers?
With smart data use a key driver of growth in recent years, increasing customer privacy protection presents a challenge for online retailers. However, it also creates an opportunity to be proactive when it comes to data management and make a streamlined approach to privacy a business asset. The result of an ongoing collaboration between a diverse group of privacy-focused companies, including Abine, Brave, Consumer Reports, DuckDuckGo, Mozilla, The New York Times, and a growing list of others, the "Global Privacy Control" (GPC) browser plug-in allows businesses to receive user data privacy preferences without burdening themselves or inconveniencing their customers.
The GPC intends to combine a host of privacy preferences about cookie usage and third-party data access into one pre-configured signal to streamline how people communicate privacy preferences and organizational compliance requirements. In its present form, it allows consumers visiting a participating website through a GPC integrated web browser or extension to automatically inform site owners about how much of their personal information they're comfortable with the site sharing or selling to third parties.
For sites based in jurisdictions where privacy-focused legislation is in effect, GPC is designed to remove the need to outline and administer a confusing array of privacy options to every visitor. With GPC, opting out of, or into, data use preferences transitions away from the existing "box-ticking" format that sites are increasingly required to inflict upon their visitors. Instead, GPC saves a user's privacy preferences in one place and automatically lets participating sites know their privacy choices, making compliance simpler.
While recognizing GPC opt-out requests isn't a legal requirement for any business, upcoming regulations are set to change this. The recently passed CPRA law means recognizing the "do not sell/share my data" signal that GPC users send will become a legal requirement for businesses with California-based customers by 2023. For companies with customers in the European Union, GPC signal isn't legally binding yet either, but a future version of GPC designed to mesh with GDPR, legal recognition isn't far away.
However, aside from giving consumers a functional browser-based tool to exercise legal rights regarding data privacy, GPC also benefits businesses. Firstly, it creates an opportunity to shift to a new paradigm around data usage. Rather than an adversarial relationship between users and site owners, GPC proposes a two-way dialogue through transparency. In an era when public concern about personal data is growing, adopting GPC alongside an internal culture of privacy allows companies to embrace positive messaging around data protection. Forward-thinking businesses can use the new privacy standard that GPC creates to show customers that they do more than pay lip service to privacy concerns.
Adopting GPC doesn't mean the end of companies being able to leverage customer data for business purposes, either. As we can see from consumer studies about opt-in preferences, most customers are OK with a certain amount of tracking and behavior targeting. As such, some degree of targeting will likely remain possible even with GPC in place. By streamlining the process of requesting and coordinating user privacy requirements, consumer signals about privacy preferences also improve the user experience for participating websites.
So is GPC the magic bullet for companies struggling to meet privacy obligations? Probably not, but while critics of GPC may point to the previous failure of the Do Not Track (DNT) initiative, GPC benefits from a rising tailwind of privacy legislation. With Gartner predicting that over 60 percent of the world's population will have some legal privacy protection by 2023, adopting GPC presents businesses with an opportunity to be proactive regarding consumer privacy.
