Skip to content

GPC Step 02:

Define which geography to apply GPC

While both California’s Consumer Privacy Act (CCPA) and Calififornia’s Privacy Rights Act (CPRA) should abide by the GPC by default, it’s important to consider whether you will afford these rights to other jurisdictions, whether that is other US states or other global jurisdications.

The following table provides an example of how to think about where to provide support for GPC based on users preferences of consent.

Jurisdiction Regulation Data Process Mechanism GPC Suitability
California, USA CCPA Data Sales Opt-out YES
California, USA CPRA Data Sharing Opt-out YES
California, USA CPRA Automated Decision Making Opt-out NO
Virginia, USA VCDPA Data Sales Opt-out YES
Virginia, USA VCDPA Targeted Advertising Opt-out YES
Virginia, USA VCDPA Profiling Opt-out NO
Connecticut, USA CTDPA Data Sales Opt-out YES
Connecticut, USA CTDPA Targeted Advertising Opt-out YES
Connecticut, USA CTDPA Automated Decision Making Opt-out NO
Colorado, USA CPA Data Sales or Sharing Opt-out YES
Colorado, USA CPA Targeted Advertising Opt-out YES
Colorado, USA CPA Automated Decision Making Opt-out NO
Europe GDPR / ePrivacy Essential Mandatory NO
Europe GDPR / ePrivacy Functional Opt-in NO
Europe GDPR / ePrivacy Analytics Opt-in NO
EuropeAdvertising Opt-in YES

You can do this by implementing your own geolocation via IP detection solution to identify the user’s location and appropriately respect their rights. Or you can use Fides to automate this task and adjust jurisdictions as regulations evolve with ease.

If you're unsure how to setup GPC support you can ask the Fides Slack Community, or get Privacy Engineering Intelligence from Ethyca now.