So GPC is basically the same as DNT, but according to [1], "GPC improves on DNT in several ways:"
- Legal backing: Unlike DNT, GPC is supported by more laws, like the CCPA, which requires businesses to honor these signals.
- Targeted approach: While DNT broadly addressed tracking, GPC focuses specifically on stopping data from being sold or shared, making it more relevant to today’s privacy needs.
- Better adoption potential: GPC was created with input from regulators, privacy advocates, and industry leaders, to align it with existing laws and address previous gaps in functionality.
But essentially, it's more or less the same.
So it seems it's less "Firefox removes DNT" and more "Firefox deprecates earlier ineffective version of GPC".
> GPC is supported by more laws, like the CCPA, which requires businesses to honor these signals
Because it's off by default? It's the exact same thing, a header with a preset value.
> While DNT broadly addressed tracking, GPC focuses specifically on stopping data from being sold or shared, making it more relevant to today’s privacy needs.
My needs are not being tracked. The tracking is what comes before the selling. I don't want to opt out of selling, I want to opt out of tracking.
> Better adoption potential: GPC was created with input from regulators, privacy advocates, and industry leaders, to align it with existing laws and address previous gaps in functionality.
"Gaps in functionality"? The difference between GPC and DNT is that DNT sends "DNT: 1" and GPC sends "Sec-GPC: 1".
Companies that never respected DNT aren't going to respect GPC. The only difference here is that IE doesn't have GPC enabled by default, but it does have DNT enabled by default.
> Companies that never respected DNT aren't going to respect GPC.
It depends. While I agree that GPC is technically just a more complicated form of DNT, the major difference is that DNT is 100% optional for websites to honor, which is why they don't, but GPC becomes mandatory for nations that have reasonable laws around tracking. Companies operating in those nations will honor it because there are legal penalties if they don't.
Does this mean that if I set GPC, companies are not allowed to show me cookie banners under GDPR but just assume I hit whatever their "decline all tracking" button says?
The California Attorney General ruled that if a user presents a GPC signal, the company should update all of their backend systems to opt out of tracking in the same way as if the user clicked a "Do Not Sell My Personal Information" button.
- Legal backing: Unlike DNT, GPC is supported by more laws, like the CCPA, which requires businesses to honor these signals.
- Targeted approach: While DNT broadly addressed tracking, GPC focuses specifically on stopping data from being sold or shared, making it more relevant to today’s privacy needs.
- Better adoption potential: GPC was created with input from regulators, privacy advocates, and industry leaders, to align it with existing laws and address previous gaps in functionality.
But essentially, it's more or less the same.
So it seems it's less "Firefox removes DNT" and more "Firefox deprecates earlier ineffective version of GPC".
[1]: https://www.cookiebot.com/en/global-privacy-control/