After reading the article and the spec, it looks like GPC is another header (like DNT) and a JavaScript variable the client would set. I don’t see why this couldn’t be used for tracking too.
For HTTP:
A user agent MUST generate a Sec-GPC header… if… gpcAtNavigation is true.
For JavaScript:
The globalPrivacyControl property is available on the navigator object
GPC also looks like a watered down version of DNT.
DNT was “do not track,” and GPC is "do not sell:
GPC is also not intended to limit a first party’s use of personal information within the first-party context (such as a publisher targeting ads to a user on its website based on that user’s previous activity on that same site).
After reading the article and the spec, it looks like GPC is another header (like DNT) and a JavaScript variable the client would set. I don’t see why this couldn’t be used for tracking too.
For HTTP:
For JavaScript:
GPC also looks like a watered down version of DNT. DNT was “do not track,” and GPC is "do not sell:
Emphasis mine