California’s AB 370, if signed by Gov. Jerry Brown, would be the first piece of legislation in the world directly addressing “do not track” (“DNT”) to become law. It has passed both houses of the California Legislature and would likely take effect in January. The bill, which would amend California’s existing Online Privacy Protection Act (“CalOPPA”), requires website operators to explain how they respond to DNT signals or “other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party Web sites or online services, if the operator engages in that collection.”
Like California’s data breach notification law, this would be a disclosure law, not a law creating new consumer rights or imposing substantive requirements on companies. That said, like the data breach notification law before it, its aim seems to be to pressure companies to make substantive changes (here, by responding to DNT signals; in the case of the breach notification law, by developing better data security practices to reduce the frequency of embarrassing disclosures).
Please see full publication below for more information.