From c2436f7a1eb1b2033adb5c0eb64171430f0b3d1f Mon Sep 17 00:00:00 2001
From: Jeffrey Yasskin Introduction
services. While this architecture can be used in the service of better Web experiences,
it can also be abused to violate privacy ([[?privacy-principles]]). While data can be shared
with service providers for limited operational purposes, it can also be shared with third
- parties or used for behavioral targeting in ways that many users find objectionable.
+ parties in ways that many users find objectionable.
Several different legal frameworks have been proposed or enacted by jurisdictions around @@ -144,8 +144,8 @@
A do-not-sell-or-share interaction is an interaction with a website in which the person is requesting that their data not be sold to or shared with any party other than the - one the person intends to interact with, or to have their data used for cross-site ad targeting, + one the person intends to interact with, except as permitted by law.
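Review bot: The added clause "except as permitted by law" in the do-not-sell-or-share definition is ambiguous about what it modifies: as written it reads as part of what the person is requesting, not as a limit on what the recipient must honour. Suggest stating the exception in its own sentence about the recipient. Since the definition no longer mentions ad targeting at all, it should also cross-reference the legal-effects text, which now says some jurisdictions apply the signal to cross-site targeted advertising.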
@@ -396,8 +396,10 @@
The GPC signal was designed to allow users to take advantage of legal rights to stop certain
- sharing or processing of their data. As such, the sending and receipt of a GPC signal may
- have legal effects, depending on factors such as the location of the individual sending the
+ sale or sharing of their data. However, some jurisdictions have decided to also use it as a
+ prohibition against cross-site targeted advertising, even when such advertising does not
+ involve the selling or sharing of data. As such, the sending and receipt of a GPC signal may
+ have a variety of legal effects, depending on factors such as the location of the individual sending the
signal, the scope of the applicable law, as well as any separate agreement between the
recipient of the signal and the individual. For additional details on legal effects,
consult the Legal and
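Review bot: The new sentence "However, some jurisdictions have decided to also use it as a prohibition against cross-site targeted advertising" names no jurisdiction and carries no reference, so an implementer cannot tell when the broader effect applies. Suggest linking it to the section or document that lists those jurisdictions, as the paragraph's closing "For additional details on legal effects" pointer already does for the general case. The added line ending "the individual sending the" is also much longer than its neighbours and should be rewrapped.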
@@ -412,7 +414,7 @@ United States Privacy Law
GPC was originally created to take advantage of new opt-out privacy laws in the United State.
Starting with the enactment of the California Consumer Privacy Act in 2018, several U.S. states
have passed privacy laws that give consumers the legal right to opt out of the sale or share of
- their data, or the use of their data for cross-context targeted advertising. Many of those state
+ their data. Many of those state
laws make explicit provision for the exercise of those rights through universal opt-out mechanisms
such as the GPC. At least four states have specifically identified GPC as a valid means to exercise
legal opt-out rights. A minority of states provide for rulemaking procedures to allow regulators
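Review bot: With "or the use of their data for cross-context targeted advertising" removed, this paragraph describes the state opt-out rights as covering only sale or sharing, while the hunk at -396 adds that some jurisdictions apply GPC to cross-site targeted advertising. The two passages should agree. Suggest a short sentence here acknowledging that some of these laws extend the opt-out to targeted advertising, and settling on one term ("sale or sharing" in the -396 hunk, "sale or share" here). The context line ending "United State." has a typo that could be fixed in the same change, and the shortened line "their data. Many of those state" should be reflowed.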
@@ -430,7 +432,7 @@ Other Jurisdictions and Privacy Rights
Other US state privacy laws, such as those in Virginia and Utah, give consumers new opt-out - rights around data sales and targeted advertising but are silent on the legal effect of + rights around data sales but are silent on the legal effect of global opt-out signals. Regulators enforcing those statutes may determine that a user activating a signal such as GPC may be sufficient to legally exercise opt-out rights in those jurisdictions. @@ -457,7 +459,7 @@
Different jurisdictions have different prerequisites before a platform can enable a universal
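Review bot: In the "Other Jurisdictions and Privacy Rights" hunk at -430, dropping "and targeted advertising" changes a statement about what the Virginia and Utah laws grant, not only a statement about what GPC requests. If the aim is to narrow GPC's described scope, suggest rewording so the sentence stays accurate about the statutes themselves, or confirming against them that "data sales" alone is correct before merging.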