Delaware has officially joined California in requiring the posting of privacy policies on commercial websites that collect personally identifiable information (PII), which is basically any site that includes a contact or registration form. If your website falls within this broad category, you should be aware of the new law’s requirements.
Delaware’s Online Privacy and Protection Act (DOPPA) went into force on January 1, 2016, and requires website operators to conspicuously post their privacy policies on their site. Like the California law, under DOPPA you must describe the categories of PII you collect from users, and the types of third parties with whom you may share that information. Your policy must also address how your company handles browser-based “do not track” requests, and to explain how users will be informed of any material changes to the policy.
In addition, DOPPA prohibits operators of websites directed to children under the age of 18 from marketing products like alcohol, tobacco, and firearms. Even if your site is not specifically targeted to children, if you have actual knowledge that children use your site, you are required under DOPPA to take reasonable actions to avoid marketing or advertising these products to children.
Finally, DOPPA generally prohibits a book service provider from knowingly disclosing a user’s PII or related information, but allows for some exceptions, including to law enforcement under certain circumstances.