Monday, September 30, 2013

New Notice Requirement in California Re Do Not Track

In California, the Online Privacy Protection Act, requires a Web site or online service that collects Personally Identifiable Information (“PII”) about California residents to, among other things, state in its privacy policy, not only the types of PII that are collected but also the categories of third parties with whom such PII is shared.
A new amendment, AB 370, was signed into law by Governor Jerry Brown and takes effect on January 1, 2014.  The new law requires that all such Web sites or online services must disclose how they respond to “do not track” features or other mechanisms on Web browsers that provide consumers the ability to exercise choice regarding the collection of PII about an individual consumer’s online activities.

Compliance with this disclosure requirement may be achieved by “providing a clear and conspicuous hyperlink” contained in the privacy policy that links to a description “of any protocol the operator follows that offers the consumer” the choice to opt-out of internet tracking. 

As always, a fundamental consideration is: What is the consequence for non-compliance? Here, it seems the answer is "not much". My sources tell me the privacy advocates feel shafted on this one, getting "only" a notice requirement out of the state legislature and violators receiving a 30 day "cure" period following receipt of notice of non-compliance.


Post a Comment

Twitter Delicious Facebook Digg Stumbleupon Favorites More

Powered by Blogger