Opt-Out Preference Signals (Global Privacy Control)
Audited by Privisy — The Privisy scanner actively tests for compliance with this requirement. Findings linked to this citation appear in your scan report.
What it requires
Businesses must treat a valid Global Privacy Control (GPC) signal as a consumer request to opt out of the sale and sharing of personal information. The signal must be honored with the same effect as a manual opt-out request.
Legal text (excerpt)
A business shall treat a user-enabled global privacy control as a valid request to opt-out of the sale or sharing of personal information, and shall process the request as soon as feasibly possible, but no later than 15 business days from the date of the request.
Primary source
📄California Privacy Protection Agency (CPPA) — § 7025: Opt-Out Preference Signals (Global Privacy Control) ↗Privisy checks
The following Privisy scanner checks are grounded in this citation:
- ⚡GPC Signal — Marketing Cookies Blocked
- ⚡GPC Signal Honored
- ⚡Third-Party Request Inventory
Legal notice: This page is for informational purposes only and does not constitute legal advice. The legal text excerpt is reproduced from official public sources and is current as of the stated effective date. Laws change — verify against the authoritative source and consult a licensed attorney for compliance guidance.