Global Privacy Control -> W3C work
If you're interested in getting involved in the Global Privacy Control Spec, you can join the W3C Privacy CG https://www.w3.org/community/privacycg/, and participate in the GPC discussion here: https://github.com/privacycg/proposals/issues/10
I sent my concerns to the Certification WG last week so won't repeat them all here.
My main problem with the spec is that it is functionally an opt out--meaning that the individual must take an action to deliberately opt out of selling data. Once again, the burden is put on the individual.
A central thesis in CCPA and the folks drafting the spec seems to be that "Privacy by default is great but has even more legal teeth with this preference chosen explicitly." [quote from issue in github by Henry Lou]
Richard and I discussed this a bit earlier in the year, and I'm still confused about the legal foundation for this assertion, and why it's being framed like this. Wouldn't Privacy by default be kinder, and more respectful? Better?
In any case, I highly encourage you to get involved directly in the work. (Because there's a lot of interesting stuff happening in the Privacy CG.)