California Enacts Law Requiring "Do Not Track" Disclosures


California, which has historically been at the forefront of consumer online privacy, has once again stepped ahead of other states and the federal government, enacting an amendment to the state's current online privacy law, California's Online Privacy Protection Act (CalOPPA), that requires commercial websites and online service providers to disclose how they respond to "do not track" signals from Internet browsers.

The state's Assembly and Senate approved the bill (AB 370) that requires commercial websites and online services to disclose how they respond to an Internet browser's "do not track" signals and whether and how third parties collect personally identifiable information from consumers who visit those sites. The bill was signed into law Sept. 27, 2013 and applies to any operator of commercial websites or online services that collects personally identifiable information about a California resident, whether the operator is physically based in California or not.

CalOPPA currently requires a website operator to conspicuously post its privacy policy and mandates certain information to be included in that policy. The amended law expands the required disclosures in two important ways. First, if an operator engages in the collection of personally identifiable information, its privacy policy must now disclose how the operator responds to web browser "do not track" signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer's online activities over time and across third-party websites or online services. An operator may satisfy this requirement by providing a clear and conspicuous hyperlink in the operator's privacy policy to an online location setting forth a description (including the effects) of any program or protocol the operator follows that offers the consumer that choice. Second, the policy must disclose whether any third parties may collect personally identifiable information about the individual consumer's online activities when the consumer uses the operator's website or service.

Given the strong stance California Attorney General Kamala Harris has taken that her office interprets CalOPPA's reference to "online services" to include mobile applications, it is likely that her office's Privacy Enforcement and Protection Unit would consider the amended CalOPPA language to apply to mobile apps for both compliance and enforcement purposes.

This new requirement provides online and mobile businesses with an opportunity to revisit their tracking practices and data optimization strategies; and update their privacy policies to ensure that they are addressing this and other recent developments in this area.

Circular 230 Disclosure: To assure compliance with Treasury Department rules governing tax practice, we inform you that any advice (including in any attachment) (1) was not written and is not intended to be used, and cannot be used, for the purpose of avoiding any federal tax penalty that may be imposed on the taxpayer, and (2) may not be used in connection with promoting, marketing or recommending to another person any transaction or matter addressed herein.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Loeb & Loeb LLP | Attorney Advertising

Written by:


Loeb & Loeb LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.