Recognizing GPC in CPM

GPC is a mechanism for consumers to tell websites to respect their privacy rights under the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and legislations in other jurisdictions. If GPC is turned on and the site recognizes the signal, the visitor is automatically opted out of targeted advertising and anything that could be considered “selling” their personal information. 

To enable GPC signal, consumers download a browser or extension that supports the signal. Similar to managing an ad-block extension, consumers can turn on the GPC signal for all websites they visit or each individual website. If a website supports recognizing GPC, then it can register the browser request to Not Sell Personal Info. 

To check if GPC is enabled for your browser, simply go to https://globalprivacycontrol.org/. The site will check if the GPC signal is detected or not.

71._GPC_website.png

To recognize GPC on a website using Consent and Preference Manager (CPM), TrustArc’s customers must embed a javascript code on their websites where they need to recognize GPC. This TrustArc GPC script can be accessed on the Publish page of any Consent Form simply by clicking the Global Privacy Control button.

61._Global_Privacy_Control.png

The following are the steps for enabling GPC recognition on customer websites using CPM.

  1. The script to recognize GPC signal intakes multiple inputs to govern the behavior of GPC recognition. One of the inputs is the Consent Form URL to be used upon recognizing GPC. In the CPM platform, under Setup > Consent Forms, select the Consent Form you wish to use while recognizing GPC.
  1. From the Publish page of the Consent Form Builder, copy the code and embed it on your website.


    NOTE: CPM Consent Form script is updated for better error handling. Error handling within the script documents the error instead of passing the error as the body of the host webpage. If you have previously implemented the CPM Consent Form script, we recommend that you change the following in the script:

    FROM:
    (error) => { document.body.innerHTML = error; document.body.style.color = 'red'; }

    TO:
    (error) => { console.error('[CPM Error]', error); }

    If your embedded script works as expected, this will not be an issue. However, we highly encourage you to update your current script to prevent any issues in the future.

  1. Underr.upm.initsection of the code, add gpcDetection: true, just below theconsentFormId: line. You can view a sample usage of this by clicking the Global Privacy Control button.

    When gpcDetection is set to true, a banner will display when GPC signal is detected, asking the user to submit an opt-out consent to propagate their GPC settings into their network.

    63._GPC_Opt-out_Consent.png
  1. If the user chooses to Ignore the opt-out notification, atrustarc_gpc_has_submitted_formcookie is dropped with an ignored value. You can verify this by checking the Application > Cookies menu of your browser’s Inspect Element.

    64._Inspect_Element_Cookies.png
  1. If the user chooses to Opt-Out, the Consent Form will load normally and upon submission of the form, atrustarc_gpc_has_submitted_formcookie is dropped with a form-opened_submitted value.

    65._Form-Opened_Submitted.png

Available Parameters for GPC Recognition Script

Below is a list of available parameters you can include in your GPC code. 

NOTE: These parameters must be set inside the gpcConfig object for the script to function properly. You can view a sample usage of this by clicking the Global Privacy Control button under the Publish page of a Consent Form in the CPM Portal.

  • geoLocationCodes (Array of strings – Optional)

    TrustArc’s customers may want to recognize the GPC only in certain GeoLocations such as California. TrustArc’s customers can recognize GPC signal on visiting Consumers’ browsers only in certain geographic locations by setting GeoLocation in the script. If this parameter is not set or not passed – then GPC recognition is done for all visiting users not considering the locations they come from. The format of geolocation is: ContinentCode_CountryCode_StateCode. StateCode is optional for most cases. Example for United States, California: NA_US_CA (North America, United States, California).

    66._geoLocationCodes.png
  • showRecognizedGPCImage(Boolean – Optional)

    Default value is false. This flag decides whether to show a “GPC detected” image if GPC is detected for a consumer in their subsequent ( second time onwards) visits. This “GPC detected” image is shown on the bottom right of the webpage, but the location where this image is shown can be controlled using CSS.

    67._showRecognizedGPCImage.png
  • showFormForUnsubmittedDSR(Boolean – Optional)

    Default value is false. This decides if we need to keep showing the intake or consent form if the form was shown previously, but Consent was not submitted. Consumers may choose to ignore the “Opt-Out” DSR submission the first time GPC is detected on their browsers. If this flag is set to true, then even on subsequent visits the GPC banner is displayed as long as GPC is still set on their browsers.

    68._showFormForUnsubmittedDSR.png
  • isFinancialParticipant(Boolean – Optional)

    Default value is false. Set this to true if the consumer visiting your website is participating in a financial incentive program. When this is true – the GPC banner shows specific content for Financial Participants.

    69._isFinancialParticipant.png
  • showFormOnDisabledSecondVisit(Boolean – Optional)

    Default value is false. This flag decides if an Opt-in form is to be shown when GPC was turned on on the previous visit but is turned off in subsequent visits. The form shown is the same form as the Opt-Out form. Hence, if this flag is turned ON, the intake form must support both Opt-Out and Opt-in DSRs.

    70._showFormOnDisabledSecondVisit.png

Other Parameters for GPC Recognition Script

The following parameters can be used to enhance the use of the GPC banner further.

  • content (String – Optional)

    This is the text displayed on the Banner when GPC is detected. The default value of this is: A GPC (Global Privacy Control) signal is detected in your browser. Would you like to opt-out of any sharing or sale of personal information to marketers?”. Using this input, customers can override the default text.
  • financialParticipantContent (String – Optional)

    This is the text displayed on the Banner when GPC is detected and isFinancialParticipant is set to true. The default value of this is: A GPC (Global Privacy Control) signal is detected in your browser. However, you have participated in a financial incentive program.”. Using this input, customers can override the default text.
  • previouslyDetectedContent (String – Optional)

    This is the text displayed on the Banner when showFormOnDisabledSecondVisit is true and users visit the website subsequently and on the previous visit GPC was turned on but is now turned off. The default value of this is: We see that your GPC previously ON is now turned OFF. Would you like to propagate this setting to all your marketing and other consents?”. Using this input, customers can override the default text.
  • cookieExpiryInMonths (number – Optional)

    Sets the expiry date of the GPC cookie to the number of months set from the current date. Default value is 6 months.

    NOTE: Some browsers, like Google Chrome, have an unchangeable cookie expiration date which is set to 7 days. Changing the cookieExpiryInMonths will only revert it back to the default 7 days expiry.