Publication

George and Dargan for Reuters: Global Privacy Control – What Businesses Need to Know

July 13, 2026

In an article for Reuters, Haynes Boone Partner Gavin George and Associate Mallika Dargan examine how global privacy control (GPC) is reshaping the U.S. privacy compliance landscape.

As more states require businesses to honor browser-based opt-out signals and regulators increase enforcement efforts, including coordinated multi-state privacy sweeps, George and Dargan explain why GPC is no longer a niche technical issue but a growing compliance priority for organizations that collect personal information online.

Read an excerpt from the article below.

What Is Global Privacy Control?

Global Privacy Control is a technical specification that enables internet users to notify businesses of their privacy preferences through settings on their web browser. When a user enables GPC, either through a built-in browser setting or a browser extension, every website they visit receives an automated signal indicating that the user does not want their personal information sold or shared. …

State Laws and GPC

A growing number of states require businesses to honor universal opt-out mechanisms such as GPC, which today include California, Colorado, Connecticut, Delaware, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Minnesota, Maryland and Texas. The trend is unmistakable: GPC signal recognition and compliance is becoming a baseline expectation across a growing number of state jurisdictions. …

The Enforcement Landscape 

In 2022, the California Attorney General announced a $1.2 million settlement with Sephora stemming from the company's failure to honor user opt-out requests submitted via Global Privacy Control signals. The Sephora case highlights that regulators are willing to bring enforcement actions specifically for GPC non-compliance. 

Considerations In Light of GPC

The most common way for a business to collect personal information through their website is through their use of third-party tracking cookies. This type of data collection often meets the “sale” or “share” definitions under applicable state privacy laws, which further triggers the need for GPC compliance.

Read the full article on Reuters here. The article was also published in Westlaw Today.

Media Contacts