This article mentions using Global Privacy Control as a replacement for Do Not Track, but doesn’t bother to explain what GPC does. Its adjacent article incorrectly claims that GPC uses the DNT: 1 header field, fails to explain further, and links to a Mozilla page that doesn’t explain it, either.

Even the GPC web site fails here, offering several pages of vague, abstract fluff about their intentions and a useless document full of marketing industry acronyms, without anything substantial about how it works. The single mention of a spec fails to state where to find it. The closest it comes is a tangential sentence containing a broken github.io link.

Finally, and only because I happen to know github.io’s URL format, I was able to guess my way to an organization page, and from there to a project page, which has a README file containing a footnote linking to the proposed spec:

https://w3c.github.io/gpc/

Geez… it’s as though the people involved don’t want anyone to know how this proposed safeguard is supposed to work.

After reading it, it looks like these are the main differences in Global Privacy Control vs. Do Not Track:

• Replaces the DNT: 1 header field with Sec-GPC: 1.
• Adds a javascript property to indicate the same thing.
• Does not honor preference changes after the first navigation to a site. (Having changes respected apparently requires clearing site data from the browser and reloading. A helpful browser might prompt the user to do this.)
• Defines a way for sites to indicate that they are aware of GPC (but does not require them to honor it).
• Expresses a wish that your data not be shared, but says nothing about it being collected.
• May be considered legally binding in some jurisdictions. It’s not clear whether the few that currently recognize it will enforce it in any meaningful way.