The policy states that Target processes Global Privacy Control browser signals as valid opt-out requests from consumers for the sale or sharing of personal information.
This analysis describes what Target's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Recognition of GPC signals as valid opt-out requests is required under CPRA regulations for businesses subject to CCPA/CPRA; this provision creates an operational obligation to implement technical GPC signal recognition consistently across all digital surfaces and to honor those signals within the 15-business-day response period.
This provision establishes that consumers using GPC-compatible browsers can automatically signal an opt-out of the sale or sharing of personal information to Target without submitting a separate privacy request; the opt-out applies to data sale and sharing for advertising purposes as described in the policy.
How other platforms handle this
enableGpcSdk: true, gpcSetting: { privacyPolicyLink: '/Privacy-Security-Policy-a-282.html' }
The Service is intended for general audiences and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child under the age of 13 has provided us with personal information without your cons...
Redfin may offer interactive features such as chat services, forums, and social media pages. We may collect the information you submit or make available through these features. Any content you provide on the public sections of these channels will be considered "public" and will not be subject to the...
Monitoring
Target has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We process Global Privacy Control signals as opt-out requests for the sale or sharing of personal information.— Excerpt from Target's Target Privacy Policy
1. REGULATORY LANDSCAPE: CPRA regulations require businesses subject to CCPA to recognize and process GPC signals as valid opt-out requests for the sale or sharing of personal information. The California Privacy Protection Agency (CPPA) has cited GPC non-compliance in enforcement actions. The FTC Act may apply to deceptive representations about opt-out mechanism availability and functionality. 2. GOVERNANCE EXPOSURE: Medium. While the policy states GPC signals are processed, the technical implementation must ensure that GPC signals are recognized at the point of data collection (including advertising tags and analytics scripts) rather than only post-collection. If advertising tags fire before GPC signals are evaluated, the opt-out is not operationally effective. The CPPA has identified this implementation gap in prior enforcement contexts. 3. JURISDICTION FLAGS: California creates the most defined obligation under CPRA. Colorado's CPA also references browser-based opt-out signals. Other state statutes are developing analogous requirements. The GPC requirement applies to California residents regardless of whether they use a California IP address. 4. CONTRACT AND VENDOR IMPLICATIONS: GPC signal processing requires that advertising and analytics vendors integrated into Target's digital properties receive the GPC signal and suppress data collection or sharing accordingly. Vendor tag management systems must be configured to evaluate GPC status before firing any data-sharing tags. 5. COMPLIANCE CONSIDERATIONS: Compliance teams should audit whether: GPC signals are evaluated at page load before advertising and analytics tags are initiated; GPC signal recognition is implemented across all Target digital properties including mobile web; the technical implementation is documented and auditable; and the policy's representation that GPC is processed is verified against actual tag management configuration.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Recognition of GPC signals as valid opt-out requests is required under CPRA regulations for businesses subject to CCPA/CPRA; this provision creates an operational obligation to implement technical GPC signal recognition consistently across all digital surfaces and to honor those signals within the 15-business-day response period.
This provision establishes that consumers using GPC-compatible browsers can automatically signal an opt-out of the sale or sharing of personal information to Target without submitting a separate privacy request; the opt-out applies to data sale and sharing for advertising purposes as described in the policy.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Target.