Skip to content
02: Define where GPC applies

GPC Step 02:

Define which geography to apply GPC

While both California’s Consumer Privacy Act (CCPA) and Calififornia’s Privacy Rights Act (CPRA) should abide by the GPC by default, it’s important to consider whether you will afford these rights to other jurisdictions, whether that is other US states or other global jurisdications.

The following table provides an example of how to think about where to provide support for GPC based on users preferences of consent.

JurisdictionRegulationData ProcessMechanismGPC Suitability
California, USACCPAData SalesOpt-outYES
California, USACPRAData SharingOpt-outYES
California, USACPRAAutomated Decision MakingOpt-outNO
Virginia, USAVCDPAData SalesOpt-outYES
Virginia, USAVCDPATargeted AdvertisingOpt-outYES
Virginia, USAVCDPAProfilingOpt-outNO
Connecticut, USACTDPAData SalesOpt-outYES
Connecticut, USACTDPATargeted AdvertisingOpt-outYES
Connecticut, USACTDPAAutomated Decision MakingOpt-outNO
Colorado, USACPAData Sales or SharingOpt-outYES
Colorado, USACPATargeted AdvertisingOpt-outYES
Colorado, USACPAAutomated Decision MakingOpt-outNO
EuropeGDPR / ePrivacyEssentialMandatoryNO
EuropeGDPR / ePrivacyFunctionalOpt-inNO
EuropeGDPR / ePrivacyAnalyticsOpt-inNO

You can do this by implementing your own geolocation via IP detection solution to identify the user’s location and appropriately respect their rights. Or you can use Fides (opens in a new tab) to automate this task and adjust jurisdictions as regulations evolve with ease.

If you're unsure how to setup GPC support you can ask the Fides Slack Community (opens in a new tab), or get Privacy Engineering Intelligence from Ethyca (opens in a new tab) now.