GPC Step 02:
Define which geography to apply GPC
While both California’s Consumer Privacy Act (CCPA) and Calififornia’s Privacy Rights Act (CPRA) should abide by the GPC by default, it’s important to consider whether you will afford these rights to other jurisdictions, whether that is other US states or other global jurisdications.
The following table provides an example of how to think about where to provide support for GPC based on users preferences of consent.
| Jurisdiction | Regulation | Data Process | Mechanism | GPC Suitability |
| California, USA | CCPA | Data Sales | Opt-out | YES |
| California, USA | CPRA | Data Sharing | Opt-out | YES |
| California, USA | CPRA | Automated Decision Making | Opt-out | NO |
| Virginia, USA | VCDPA | Data Sales | Opt-out | YES |
| Virginia, USA | VCDPA | Targeted Advertising | Opt-out | YES |
| Virginia, USA | VCDPA | Profiling | Opt-out | NO |
| Connecticut, USA | CTDPA | Data Sales | Opt-out | YES |
| Connecticut, USA | CTDPA | Targeted Advertising | Opt-out | YES |
| Connecticut, USA | CTDPA | Automated Decision Making | Opt-out | NO |
| Colorado, USA | CPA | Data Sales or Sharing | Opt-out | YES |
| Colorado, USA | CPA | Targeted Advertising | Opt-out | YES |
| Colorado, USA | CPA | Automated Decision Making | Opt-out | NO |
| Europe | GDPR / ePrivacy | Essential | Mandatory | NO |
| Europe | GDPR / ePrivacy | Functional | Opt-in | NO |
| Europe | GDPR / ePrivacy | Analytics | Opt-in | NO |
| Europe | Advertising | Opt-in | YES |
You can do this by implementing your own geolocation via IP detection solution to identify the user’s location and appropriately respect their rights. Or you can use Fides (opens in a new tab) to automate this task and adjust jurisdictions as regulations evolve with ease.
If you're unsure how to setup GPC support you can ask the Fides Slack Community (opens in a new tab), or get Privacy Engineering Intelligence from Ethyca (opens in a new tab) now.