• |

Jul. 2, 2025

Navigating Global Privacy Control’s Not-So-Simple Implementation

  • Matt Fleischer-Black
    Cybersecurity Law Report
Before the end of 2025, 10 states will require websites to honor consumers’ broadcasted requests to opt out of all sharing of their personal data with the global privacy control (GPC) or a similar universal opt-out mechanism. GPC, a browser-based setting for consumers to automatically opt out, is said to be simple for consumers to use, simple for companies to implement and simple for regulators to check. But it turns out to have several complexities for companies, underscored by a study of 11,000 sites revealing that many of them did not translate GPC into opt-out signals. This article went behind the study’s findings and looked at GPC’s pitfalls, including misconfigurations, privacy signal system glitches, the ease of consent fraud and issues in due diligence, with insights from an original developer of GPC and experts at Moritt Hock, Neal Gerber & Eisenberg, the Network Advertising Initiative, Orrick and Raptive.

To read the full article

Continue reading your article with a CSLR subscription.

Most-Read Articles

Women to Watch: Contributions, Achievements and Observations of Outstanding Female Professionals

To mark International Women’s Day, women editors and reporters at ION Analytics interviewed outstanding women in the industries and jurisdictions we cover. In this part, Law Report Group editors Jill Abitbol, Robin L. Barton and Megan Zwiebel profile notable women in data privacy, cybersecurity, private funds and anti-corruption law, including Anne-Gabrielle Haie, Jessica Lee, Micaela McMurrough, Laura Perkins, Amanda Raad, Madelyn Calabrese, Ranah Esmaili and Genna Garver. Enjoy reading their inspiring remarks here.

Celebrating Data Privacy Day 2025

Read the full brief here.

Cybersecurity Awareness Month

Read the full brief here.