Ad Serving, Serving Fines: How California is Cracking Down with GPC

By Seth Loonan

31 August 2021

As of July 1, 2021, the California Attorney General (AG) began sending violation notifications to companies not in compliance with privacy-consent of the Global Privacy Control (GPC) signal in addition to other CCPA requirements.

CCPA_Confiant_GPC article

What is the GPC?

The GPC is an additional way for consumers to opt out of tracking and sale of their personal information. The GPC communicates a user’s privacy preferences and is sent by the user's browser to each website they visit. In turn, websites are required to respect the GPC signal. According to the GPC website and press release:

“As of today, over 40 million users are utilizing a browser or extension with GPC support—such as Abine, Brave, DuckDuckGo, Disconnect, and Privacy Badger. Major publishers such as The New York Times now recognize the GPC signal as a valid opt-out of sale under CCPA. Others, including The Washington Post, Meredith Digital (People.com, Allrecipes.com, etc), Automattic (WordPress.com), and CafeMedia have committed to honoring it this coming quarter.”

What does the GPC mean to my business?

Recently, the California Attorney General stated that businesses (including publishers) must comply with the GPC signal to honor consumers’ requests to opt out, or potentially face significant fines from the California AG under the CCPA guidelines.  

After the California AG notifies a company of a violation, they have 30 days to comply with the law or face the consequences. Unresolved violations carry fines up to $2,500 for each unintentional violation and $7,500 for each intentional violation (the AG determines intent). The fines can add up rapidly. As an example, Publisher Y ignores or does not honor deletion or opt-out requests from 150,000 California viewers, and then Publisher Y shows ads to those viewers. 150,000 requests X $7,500 intentional violations = $1.125 million in fines.   

Confiant has incorporated the GPC signal into our privacy compliance solution, Privacy Compliance by Confiant. This additional feature will help publishers remain in compliance with CCPA and avoid fines from the AG. The solution already incorporates other consent protocols such as the US Privacy string from the Interactive Advertising Bureau (IAB) and the Transparency and Consent Framework (TCF) string from IAB Europe to provide a robust compliance solution for publishers around the world. 

Privacy Compliance by Confiant identifies in real-time whether an ad complies with the user’s privacy-consent status and allows the publisher to block that ad if it does not comply, providing an added safety net for the publisher. Consent violations are reported to the publisher in the dashboard, empowering them to understand any violations, identify which entities are non-compliant, and address the issue right away. Publishers have the option to receive alerts about non-compliant ads or block them automatically.

Privacy Compliance by Confiant identifies privacy compliance consent mismatches with the GPC signal required by the CCPA.

Our privacy compliance solution was designed to provide the information and controls that publishers need. Inclusion of the GPC signal is a natural enhancement to our solution. 

Interested in Privacy Compliance by Confiant? Click here to request a free trial