Delaware’s New Website Privacy Policy Requirement

Welcome to the Club: Delaware Joins California in Requiring a Website Privacy Policy

DEDelaware has officially joined California in requiring the posting of privacy policies on commercial websites that collect personally identifiable information (PII), which is basically any site that includes a contact or registration form.   If your website falls within this broad category, you should be aware of the new law’s requirements.

Delaware’s Online Privacy and Protection Act (DOPPA) went into force on January 1, 2016, and requires website operators to conspicuously post their privacy policies on their site.  Like the California law, under DOPPA you must describe the categories of PII you collect from users, and the types of third parties with whom you may share that information.  Your policy must also address how your company  handles browser-based “do not track” requests, and to explain how users will be informed of any material changes to the policy.

In addition, DOPPA prohibits operators of websites directed to children under the age of 18 from marketing products like alcohol, tobacco, and firearms.  Even if your site is not specifically targeted to children, if you have actual knowledge that children use your site,  you are required under DOPPA to take reasonable actions to avoid marketing or advertising these products to children.

Finally, DOPPA generally prohibits a book service provider from knowingly disclosing a user’s PII or related information, but allows for some exceptions, including to law enforcement under certain circumstances.

Unless you want to exclude Delaware residents from using your site, be certain to review your own privacy policy to ensure that it meets the Diamond State’s requirements. 

Author: Seth Heyman
Seth D. Heyman is a California attorney with extensive experience in advertising and marketing law, corporate law, contracts, governmental regulations, international business, and Internet law. He has counseled numerous successful companies, both public and private, and was responsible for regulatory compliance, contract management, corporate governance, and HR best practices for multiple organizations in many diverse industries, including marketing, telecommunications, energy, and technology development. He offers insight and guidance on federal and state direct mail, TV, radio, telemarketing, and Internet marketing laws, as well as online promotions, Internet privacy, data protection regulations, and similar matters.
Skip to content