The California Online Privacy Protection Act of 2003 (“CalOPPA”) has long required online service providers (“OSPs”) to provide certain information to consumers regarding the collection of personally identifiable information online, and how that information is used. CalOPPA’s requirements apply to websites, mobile applications, software, or any other online service that collects personal information (i.e., names, addresses, etc.) from California residents.
California recently amended CalOPPA to specifically require OSPs who track consumers’ activities across third-party websites to disclose how they respond to Do Not Track (“DNT”) signals. A DNT signal is essentially a request sent by a web browser to a website on behalf of a consumer it directed there, asking the website not to track that particular consumer’s online activity. DNT signals are currently supported by Internet Explorer 9, Firefx, Safari, Opera, and Google Chrome, but OSPs are in no way obligated to abide by these requests.
The amended rules also require an OSP to disclose whether activities across third-party websites are shared with third-parties, such as advertisers. These new disclosure requirements take effect on January 1, 2014, and recipients of non-compliance notices will have 30 days to comply, or face penalties of up to $2,500 per violation.
Regardless of whether they track consumer activity across third-party websites, OSPs should incorporate additional language in their online privacy policies to inform people about how they respond to DNT signals. For the overwhelming bulk of websites that do not incorporate tracking technologies, something along the lines of “This website does not track your online activities over time and across third-party Web sites. Because we do not employ tracking technology, we offer no response to “Do Not Track” requests transmitted by Web browsers”.
Website operators should also take note of the fact that, unlike the Federal government, California has led the way on addressing online privacy issues, and many other states are likely to follow the Golden State and impose similar protections for their own citizens.