The main problem with DNT was the lack of legal and regulatory backing it received. Website owners could decide if they'd observe the DNT signal and there were no legal repercussions if they chose not to. This is where GPC is different.
....
What to do when receiving a GPC signal
It's up to the developer/business to decide how to treat the signal, for example, removing the user's details from third-party tracking or marketing, following a similar procedure as to when users opt out of sharing data for marketing purposes. If in CCPA jurisdiction, the signal must be observed to avoid legal repercussions.
So what's the difference? Without regulations, which is the real issue here, all this is meaningless just like DNT was. The system is solely based on trusting the site to comply. CCPA only applies in Europe. None of this would apply to users in the US but the article disingenuously implies it would:
At the time of writing, the Attorney General for California has recommended observation of GPC to comply with CCPA
That is not legally binding in any way. This is just DNT with extra step being sold as something it's not. I fail to see how this will benefit the user while making it harder for users to block trackers and advertisers. A site can't prevent you from blocking it's cookies because cookies are stored locally through the context of the browser. Site's can't prevent users from blocking, deleting or modifying cookies.
But GPC signals are sent via HTTP headers. Sites could prevent users from accessing the site by detecting if GPC is disabled by the user in the browser just by checking the HTTP headers, forcing users into sharing information with the site to be allowed to access the site.
CCPA applies in california, not europe. It's in the name: "California Consumer Privacy Act". Did you mix that up with GDPR?
> forcing users into sharing information with the site to be allowed to access the site
One of the CCPA rights are "Not be discriminated against for exercising their privacy rights". Denying access would almost certainly be classified as discrimination.
The main problem with DNT was the lack of legal and regulatory backing it received. Website owners could decide if they'd observe the DNT signal and there were no legal repercussions if they chose not to. This is where GPC is different.
....
What to do when receiving a GPC signal
It's up to the developer/business to decide how to treat the signal, for example, removing the user's details from third-party tracking or marketing, following a similar procedure as to when users opt out of sharing data for marketing purposes. If in CCPA jurisdiction, the signal must be observed to avoid legal repercussions.
So what's the difference? Without regulations, which is the real issue here, all this is meaningless just like DNT was. The system is solely based on trusting the site to comply. CCPA only applies in Europe. None of this would apply to users in the US but the article disingenuously implies it would:
At the time of writing, the Attorney General for California has recommended observation of GPC to comply with CCPA
That is not legally binding in any way. This is just DNT with extra step being sold as something it's not. I fail to see how this will benefit the user while making it harder for users to block trackers and advertisers. A site can't prevent you from blocking it's cookies because cookies are stored locally through the context of the browser. Site's can't prevent users from blocking, deleting or modifying cookies.
But GPC signals are sent via HTTP headers. Sites could prevent users from accessing the site by detecting if GPC is disabled by the user in the browser just by checking the HTTP headers, forcing users into sharing information with the site to be allowed to access the site.