Sec-GPC sets a default that users' data shouldn't be sold or shared, but users can have a special relationship with a certain site that overrides that default. The spec should say something like
A do-not-sell-or-share preference is when a person requests that their data "not be sold or shared" by default, unless they have informed a specific website that they want to override that default. This overriding preference is not necessarily communicated using the same format or channel as the original default.
Sec-GPC sets a default that users' data shouldn't be sold or shared, but users can have a special relationship with a certain site that overrides that default. The spec should say something like