Global Privacy Control

Global Privacy Control

Ethyca Pro includes additional features to set a user’s consent preferences based on the presence of a global privacy control signal.

What is Global Privacy Control

From the website: Global Privacy Control — Take Control Of Your Privacy

Global Privacy Control (GPC) is a proposed specification designed to allow Internet users to notify businesses of their privacy preferences, such as whether or not they want their personal information to be sold or shared. It consists of a setting or extension in the user’s browser or mobile device and acts as a mechanism that websites can use to indicate they support the specification.

The specification manifests in a signal which can be read and interpreted by consent platforms and websites to automatically opt out users from data sales and sharing use cases.

How does Ethyca Support Global Privacy Control?

Global Privacy Control (GPC) support is automatically enabled on Ethyca Pro. It does not require additional implementation steps within the control panel.

GPC, your site, and the Ethyca Global Consent Object

When a user has the Global Privacy Control enabled and first accesses a site which includes Ethyca consent
the Ethyca Global Consent object will be automatically updated to reflect that the user is opted out of data sales and data sharing use cases, which are represented by GROUP4 and GROUP5 in the object. Existing integrations you have via platforms like Google Tag Manager, Shopify, Segment or your own site will adhere to the opt-out state of these use cases.

Consent Banner

The Ethyca consent banner will automatically opt out users from data sales and sharing use cases based on the signal received from the browser. If a user has set the GPC signal to opt-out, they will be automatically opted out of non-functional systems listed in the consent banner and the banner will not be displayed.

Privacy Center

A user who accesses the privacy center to manage their consent preferences with GPC enabled will see that they’ve been automatically opted out of data sales and data sharing use cases, provided they don’t have an existing opt-in preference saved for one of these use cases. See this state below:


If a user visits the privacy center with existing consent preferences that conflict with their GPC signal, a modal will appear to notify the user of the conflict and ask them if they’d like to update their settings to match their GPC signal.

  • By clicking “Yes” to confirm their selections, the user's conflicting choice will be preserved, and a record will be created in the consent log to indicate they agreed to continue despite their GPC signal, for record keeping purposes.
  • By clicking “No” they are choosing to adhere to their GPC signal, and will be automatically opted out of any conflicting use case.
  • A user who wishes to make more changes on the privacy center can click the X to return and make changes to individual use cases.

Any time they subsequently access the privacy center with a preference that conflicts with GPC, they will be asked to confirm their choice to remain opted in to each use case.

Indicating Support for GPC

We recommend that you include support representation to indicate that your site abides by GPC. To do this, you should return a JSON object from the URL <http://<yourdomain>/.well-known/gpc.json where <yourdomain> is replaced with the domain of your website. The JSON object should be formatted as follows:

  "gpc": true,
  "lastUpdate": "2023-01-14"

The content-type must be application/json

The lastUpdate value should be the date from which you add this new response. More information about this support resource can be found on the GPC Specifications.