The California Legislature recently passed a bill that makes changes to the state’s Online Privacy and Protection Act. Although the bill has not yet been signed by Governor Jerry Brown, if enacted it could technically affect all nationally- or internationally-focused website (since the Act applies to any website accessible in California). The bill would amend the Act to require website operators to amend their sites’ Privacy Policy to disclose their efforts to track users across third-party websites. Specifically, website operators must: – “Disclosure whether other parties may collect personally identifiable information about an individual consumer’s online activities over time and across different Web sites when a consumer uses the operator’s Web site or service” – “Disclosure how the operator responds to Web browser ‘do not track’ signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party Web sites or online services, if the operator engages in that collection” If the bill is signed into law (which is expected any day now), websites with a national or international reach, particularly if the operators are based in California, or the websites are particularly targeted to California users, or the websites do most of their business with California users, should ideally ensure that their privacy policies are updated to cover the issues brought up by the bill. Fortunately, the law would also give website operators who are notified by California regulators as being noncompliant a 30-day grace period to amend their privacy policies before they would be in violation of the law.
Leave a Reply