Privacy

After reading the article and the spec, it looks like GPC is another header (like DNT) and a JavaScript variable the client would set. I don't see why this couldn't be used for tracking too.

For HTTP:

A user agent MUST generate a Sec-GPC header... if... gpcAtNavigation is true.

For JavaScript:

The globalPrivacyControl property is available on the navigator object

GPC also looks like a watered down version of DNT. DNT was "do not track," and GPC is "do not sell:

GPC is also not intended to limit a first party’s use of personal information within the first-party context (such as a publisher targeting ads to a user on its website based on that user’s previous activity on that same site).

Emphasis mine

I would like to raise two somewhat related reasons for keeping Do Not Track which I have not yet seen discussed.

Reason 1: The analytics industry has made it easy for webmasters to make an explicit choice.

More than 15 analytics tools support the ability to obey Do Not Track signals as a setting for webmasters. Instead of leaving it up to webmasters to code a solution, the analytics industry has stepped up and has made it easy for a webmaster to make an explicit choice. A webmaster can migrate from one analytics tool to another tool while still being able to easily apply the same choice.

Reason 2: A significant number of websites have added text in their privacy policies indicating an explicit choice regarding Do Not Track signals.

Privacy policies are difficult to read and interpret. There are not many standards for privacy policies, making them typically very hard to compare against each other.

If we put our creative minds to the task, we might see that Do Not Track offers us a solution by providing a reasonably consistent way to QUICKLY EVALUATE a company's explicitly chosen practice by looking at only a small portion of a privacy policy.

We can either spend the time to open up a privacy policy and search for the Do Not Track section or we can perform a web search with the website's name and the "Do Not Track" text.

It is not important whether we actually set the Do Not Track setting in our web browser! What is important is that the setting actually exists in our web browser as a potential choice. By keeping that setting available as a choice for users, some webmasters may continue to feel compelled to describe the explicit choice made for their websites, and we gain the ability to quickly understand the INTENTIONS of a given website. Do Not Track grants us the ability to be able to SAVE TIME by having a common way to evaluate multiple websites.

Here is a list of analytics services which offer a setting to enable or disable the obeying of Do Not Track signals.

https://experienceleague.adobe.com/en/docs/marketo/using/product-docs/web-personalization/getting-started/setting-web-personalization-to-do-not-track "In Web Personalization and Predictive Content, a marketer can set a toggle to indicate whether to support or ignore the browser's Do Not Track (DNT) setting." "When the toggle is set to On, Web Personalization will honor and support the browser's Do Not Track (DNT) setting, and will not track any web activity or run any campaigns or content recommendations on your website."

https://saschaeggi.medium.com/setup-matomo-analytics-with-drupal-and-respect-do-not-track-header-gdpr-compliant-d382b12e2740 "Matomo already provides you a setting to respect users with a 'Do Not Track' (DNT) header set."

https://docs.simpleanalytics.com/dnt "By default the data will not include visitors with the Do Not Track enabled. To also record DNT visitors you can add data-collect-dnt='true' to the script tag" "If you don't add the data-collect-dnt attribute we will not record visits from users who have DNT enabled."

https://developer.bitmovin.com/playback/docs/do-not-track-cookie-handling-in-analytics "By default Bitmovin Analytics will honor this user preference and ignore all incoming requests that have the DNT header set to 1."

https://www.hotjar.com/policies/do-not-track/ "Before collecting your data, Hotjar always checks to see if you have enabled the 'Do Not Track' setting in your browser."

https://wp-statistics.com/resources/do-not-track/ "The DNT-respecting functionality is active by default, aligning with our privacy-first philosophy."

https://help.mouseflow.com/en/articles/4325367-the-privacy-settings "Honor Do-Not-Track" "This setting allows you to honor the Do-Not-Track (DNT) signal. When enabled, Mouseflow will listen for the signal and if it is found, prevent the user session from being recorded."

https://jetpack.com/support/jetpack-stats/jetpack-stats-honor-do-not-track-dnt/ "As a site owner, you can force the Jetpack Stats feature to honor any visitors with DNT enabled and not track their activity"

https://wideangle.co/documentation/data-do-not-track-handling "Wide Angle Analytics proudly handles the Do Not Track irrespective of broader adoption. Doing so allows your visitors to indicate their Opt-Out of the tracking process."

https://docs.metrical.xyz/privacy/what-we-track "Metrical will honour the Do not Track setting and we don't send the visit when we find the do not track flag enabled."

https://umami.is/docs/v1/tracker-configuration "You can configure Umami to respect the visitor's Do Not Track setting."

https://wpcrux.com/blog/how-to-make-google-analytics-respond-to-do-not "To make Google Analytics respond to 'do not track,' you can enable the 'Respect Do Not Track' option in the settings of your Google Analytics account."

https://documentation.freshpaint.io/integrations/destinations/apps/mixpanel/mixpanel-reference "Ignore DNT" setting "When enabled, Mixpanel will track all events, regardless of if the browser has 'Do Not Track' enabled."

https://websmithiananalytics.ca/help/dnt "Yes, we honor the Do Not Track (DNT) setting from browsers that support it."

https://github.com/milesmcc/shynet "By default, Shynet will not collect any data from users who specify DNT."

https://baseanalytics.io/do-not-track-dnt/ "We do honor the Do Not Track (DNT) setting from browsers which support this."