GPC / UOOM Implementation Guide
Global Privacy Control (GPC) is a browser signal that communicates a user’s opt-out preference for sale or sharing of personal information. Several U.S. state laws treat a valid GPC signal as a valid universal opt-out mechanism (UOOM) that must be honored.
Implementing GPC correctly reduces compliance risk for California, Colorado, Connecticut, and other state regimes that recognize opt-out preference signals.
Implementation checklist
- Detect the Sec-GPC header or navigator.globalPrivacyControl in JavaScript.
- When GPC is true, disable non-essential sale/share of personal data and limit ad targeting.
- Document GPC handling in your privacy policy and Do Not Sell page if you operate in covered states.
- Test with browsers and extensions that send GPC; log and monitor false negatives.
Link to your Do Not Sell / privacy pages
Regulators expect your privacy policy URL and any Do Not Sell page to describe how you respond to GPC. Keep those URLs stable and update the text when your ad stack or data sharing changes.