Global Privacy Control, a new Privacy Standard Proposal
By the Brave Web Standards Team
By Peter Snyder, Senior Privacy Researcher at Brave, and Implementation by Anton Lazarev, Research Engineer at Brave
GPC launches today from a consortium of privacy-respecting organizations, to protect consumer privacy and provide consumers with greater control of their data
One of Brave’s core goals is to improve privacy on the Web. The main way Brave improves Web privacy is by building strong, on-by-default privacy protections in the Brave browser. However, Brave also works to improve privacy on the Web in general, particularly by advocating for privacy in the W3C 1.
As part of our privacy-in-Web-Standards work, we’re proud to have been involved in the design for the “Global Privacy Control” (GPC) proposal. The GPC proposal allows Web users to signal that they do not want to be tracked online, and where relevant, assert legal privacy rights, as described in legislation like the EU’s GDPR and California’s CCPA. GPC is meant as an additional privacy tool for browser vendors and Web users; it does not take the place of any existing privacy protections Brave provides.
Why Brave supports the “Global Privacy Control” proposal
First, anything that makes it clearer to the surveillance-economy that users don’t want, don’t approve of, and don’t consent to being followed and tracked on the Web is a good step (and something that Brave has been promoting since we started).
Second, similar consent mechanisms being pushed by the AdTech industry are incompatible with the kinds of privacy protections which Brave includes. For example, the Orwellian-named “consent management platforms” often require your browser to execute code from tracking companies, just to ask them to not track you. Brave blocks these network requests to tracking companies, which the tracking companies often interpret as “no preference expressed yet”.
Good solutions to improving Web privacy cannot require browsers to interact with companies that have already lost users’ trust; the “Global Privacy Control” proposal is a strong framework to begin building better privacy protections on.
Third, Brave is interested in working with responsible, ethical, privacy-respecting publishers who want to respect user privacy without requiring users to click through intentionally confusing dialogs and “consent forms”. We’re especially interested in working with publishers who want to respect user privacy both where the law requires it (e.g., GDPR, CCPA), as well as in areas where the law hasn’t yet caught up to recognize privacy as a right (and pervasive, non-consensual tracking as wrong). We’re excited by the publishers we’ve worked alongside during the “Global Privacy Control” proposal, and we hope others will follow their lead.
Brave’s Implementation of the “Global Privacy Control”
Brave is currently testing an implementation of the GPC proposal in our Nightly desktop and Android beta channels, and expect to implement it in our iOS browser as the proposal goes through the standardization process.
Brave does not require users to change anything to start using the GPC to assert their privacy rights. For versions of Brave that have GPC implemented, the feature is on by default.
We believe that anyone choosing to use Brave has already made an unambiguous expression that they do not want their data to be sold or shared online. Legislation like the CCPA recognizes that the decision to use privacy-focused tools like Brave is itself an expression of user preference for privacy. Requiring users in Brave to take an additional step to enable GPC therefore seems both unnecessary and disrespectful to our users (who have already made their preference clear!).
Brave, GPC, and The Inevitability of a Private-by-Default Web
Since we started, Brave has argued that a healthy, sustainable, vibrant Web requires a privacy-preserving, privacy-by-default Web; business models that depend on tracking will soon look as antiquated as Flash, Java Applets or “made for IE” badges.
Privacy-preserving tools like Brave are just one part of what’s needed to keep improving the Web. Legislation (like the CCPA and GDPR) that enshrines and protects privacy is a second necessary part, and proposals like GPC that allow users to conveniently and privately assert their rights is a third. We’re excited for browsers to implement GPC, more publishers to interpret and respect GPC as discussed in the proposal, and more ways of protecting privacy on the Web.
<em>This page was updated September 2023 to remove the mention that GPC could not be disabled in the Brave browser.</em>
Google is proposing a feature called "First-Party Sets," which would have browsers reduce privacy barriers between sites. This is both alarming and harmful.Read this article →
The UK CMA (along with other regulators and web activists) are largely evaluating Google’s Privacy Sandbox as an isolated, independent set of features. Evaluations that fail to consider how Privacy Sandbox will interact with other upcoming Google proposals will miss how radical and harmful Privacy Sandbox will be to the Web in practice. This piece presents how Privacy Sandbox, when considered with other upcoming Chrome features, will harm user choice, privacy, and competition on the Web.Read this article →
Ready for a better Internet?
Brave’s easy-to-use browser blocks ads by default, making the Web cleaner, faster, and safer for people all over the world.Download Brave