Menu
Get In Touch
Share

Legal Articles

New Year, New Law: Complying with New "Do Not Track" Online Privacy Laws in 2014‎

November 7, 2013

Overview

Under a new California "do not track" law effective January 1, 2014, any operator of a ‎website, online service, or mobile application that collects personally-identifiable information about California ‎residents must include do-not-track disclosures in its privacy policy. Any business operating a ‎website, online service, or mobile application that may be used or accessed by a California resident is subject to the California Online Privacy Protection Act of 2003 (CalOPPA). Given the expansive sweep of this Act, any such business should update and review its privacy policy to ensure that it complies with the requirements of the amended Act.

Assembly Bill No. 370, signed by California Governor Jerry Brown on September ‎‎27, 2013, expands the disclosure requirements under CalOPPA. Currently, Cal. Bus. & Prof. Code Section 22575 ‎requires any operator of a website, online service, or mobile application that collects personally-identifiable ‎information about California residents to have a privacy policy, to include certain disclosures in its privacy policy, and to conspicuously post or otherwise make its privacy policy available to consumers. Personally-identifiable information is defined broadly under the Act to include "any other identifier that permits the physical or online contacting of a specific individual," which, under certain circumstances, includes IP addresses and device identifiers. Under the amended Act, as of January 1, 2014, operators must also disclose (i) their protocol for responding to do-not-track notices from consumers who do not want their online activity tracked; and (ii) their policy regarding other parties' collection of users' personally-identifiable information through the operators' websites, services, or mobile applications.

The new do-not-track provisions of Section 22575 reflect increased federal and state concern over online ‎behavioral advertising, which may run afoul of Federal Trade Commission (FTC) prohibitions against ‎unfair and deceptive trade practice in addition to state privacy laws. Online behavioral advertising is the practice of serving ‎targeted advertisements to consumers by tracking their online activity over time and across multiple websites or applications. The FTC ‎has advised that website operators and advertisers who use online behavioral advertising provide consumers with notice and choice regarding the tracking and use of online behavior. To exercise choice, consumers can use browser do-not-track signals and similar mechanisms to prevent the tracking of their online activity.

Operators that collect personally-identifiable information from California residents who use or access the operators' websites, services, or applications have until the end of 2013 to create or update their privacy policies to comply with the new law. Businesses and individuals affected by these requirements may consider engaging legal counsel to assist in developing necessary response protocols and complying with existing and newly-enacted federal and state laws.

For further information regarding privacy and security concerns involving collecting, processing, disclosing, and storing consumer data via the Internet, social networking sites, and mobile devices, please contact the attorney with whom you work or Yvonne Tingleaf at 503-796-2902 or ytingleaf@schwabe.com or Alexandra Bodnar at 503-796-2408 or abodnar@schwabe.com.

Professionals

Written By

Share