Mozilla has become the latest browser to test the waters in incorporating the Global Privacy Control in Firefox this week, calling itself “the first major web browser” to do so. 

The GPC — required under the California Consumer Protection Act (CCPA) and Europe’s Global Data Protection Regulation (GDPR) — tells websites not to sell or share your personal data.  

Mozilla said the GPC is a prerelease feature available for experimental use in Firefox Nightly.

A Mozilla spokesperson said they were excited to see GPC getting traction both in California and Colorado and now that they expect sites to start honoring it, they want to start getting experience with it in the field.

“Many websites present cookie consent banners that let users opt out of tracking and of having their data sold on a site by site basis. The difference here is that the user doesn’t need to opt out on every site — which we think is a better solution,” Mozilla told ZDNet. 

“Mozilla was one of the early supporters of the CCPA and of the CPRA and, in 2020, we became one of the founding members of the Global Privacy Control. We endorsed this concept because it gives more control to people over their data online and sets a path for the enforcement of their privacy rights. Our approach to privacy has long been to fight on different fronts which is why we launched Enhanced Tracking Protection by default back in 2019 and have since expanded our arsenal of anti-tracking tools, and have been advocating for strong privacy legislation and enforcement.”

To turn Global Privacy Control on in Firefox Nightly, users can type about:config in the URL bar of their Firefox browser or type type `globalprivacycontrol` in the search box. From there, toggle `privacy.globalprivacycontrol.enabled` to true.

If you visit https://globalprivacycontrol.org/, the site will tell you whether you have it enabled or not. 

Abine, Brave, Disconnect, DuckDuckGo, OptMeowt and Privacy Badger are listed on the GPC website as browsers that have incorporated the feature into their service. 

The Washington Post reported this week that the GPC is part of an effort by organizations like the Electronic Frontier Foundation and Consumer Reports to force websites into privacy compliance.

But unfortunately, California is one of the few states where the GPC is considered an acceptable method for consumers to opt-out of sales. 

“Under law, it must be honored by covered businesses as a valid consumer request to stop the sale of personal information,” California attorney general Robert Bonta said on a website explaining the CCPA. It is unclear whether officials in Virginia and Colorado will also enforce it the same way. 

“CCPA requires businesses to treat a user-enabled global privacy control as a legally valid consumer request to opt out of the sale of their data. CCPA opened the door to developing a technical standard, like the GPC, which satisfies this legal requirement & protects privacy,” said former California Attorney General Xavier Becerra, who is now Secretary of the US Department of Health & Human Services.