How Global Privacy Control (GPC) works
Who supports the GPC Signal
The GPC was crafted by a collaborative group consisting of publishers, tech firms, browser and extension creators, and civil rights organizations. The project is spearheaded by Ashkan Soltani from Georgetown Law and Sebastian Zimmeck from Wesleyan University.
While the standard is still in the works, it's already backed by major browsers and extensions like Abine, Brave, Disconnect, DuckDuckGo, OptMeowt, and Privacy Badger. Prominent websites such as The New York Times and Financial Times also honor this signal.
Pandectes is a staunch supporter of this movement, championing compliance solutions that uphold consumer preferences and rights.
This feature helps publishers easily respect a California consumer opt-out of sale request. However, this signal is relevant for any website operating in a jurisdiction with an opt-out model.
How it works with Shopify & Pandectes
First of all Shopify tracking consent must be in play and Merchant must have set either Option B ("Collected after consent")
Then the Location of the visitor must be a CCPA location (California, Virginia, etc)
When the previous two apply, then window.Shopify.trackingConsent.getRegulation() returns the string "CCPA". This is the first check I do.
Merchant must have obviously activated the GPC Integration under integrations of our app.
In the browser we check whether globalPrivacyControl has been enabled by the visitor
This was done using the Shopify flag. We used to get the window.Shopify.trackingConsent.currentVisitorConsent()
This is now done via the navigator.globalPrivacyControl flag which is not Shopify specific. This is true when the user has turned the option on (https://global-privacy-control.glitch.me/).
If the browser flag is set (navigator.globalPrivacyControl === true or 1 (chrome)), then we set the sale_of_data property of the currentVisitorConsent to "no".
The whole process only affects the sale_of_data property and not the other properties (marketing, analytics, preferences).
To test it, call the window.Shopify.trackingConsent.currentVisitorConsent() method and see the object.
Note: If the store has enabled the CCPA page, then the user may select to opt-in the sale of data. If the sale_of_data is already "yes" it is not affected by the GPC flag.
Updated on: 24/11/2023