Skip to content

CalOPPA Amendment: What “Do Not Track” Means for You

The previous iteration of the California Online Privacy Protection Act (CalOPPA) requires, among other things, that website operators who collect personally identifiable information (PII) about individuals residing in California conspicuously display a privacy policy.  Additionally, this privacy policy must identify the categories of PII that the website operator collects as well as any third party with whom the operator may share this information.  As you may recall, Delta Airlines came under fire last year for not having a privacy policy for their mobile app.

CalOPPA was amended and signed into law on September 27, 2013, and went into effect on January 1, 2014.  California law makers did not do away with the previous version of CalOPPA, but rather added to it.  Now, website operators who collect PII from California residents will be required to disclose how they respond to “Do not track signals” or other mechanisms that allow users to choose how their PII is collected regarding their online activities on and across third-party web sites or online services.  It should be no surprise that there is a growing public concern for privacy on the Internet, and as the average user becomes more sophisticated they are learning more about the value of their privacy.  As a result, many consumers are choosing not to have their online behavior tracked when given the choice.

The existing law and the amendment can be found at the California Legislative Information website in their entirety for your review, and the portion relevant to the new amendment can be found below.  Among other things, the operator must:

(5) Disclose how the operator responds to Web browser “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party Web sites or online services, if the operator engages in that collection.

(6) Disclose whether other parties may collect personally identifiable information about an individual consumer’s online activities over time and across different Web sites when a consumer uses the operator’s Web site or service.

(7) An operator may satisfy the requirement of paragraph (5) by providing a clear and conspicuous hyperlink in the operator’s privacy policy to an online location containing a description, including the effects, of any program or protocol the operator follows that offers the consumer that choice.

Understanding how your business will approach this is critical. If you collect PII from California residents for the purposes of tracking users’ online activity, this is something to pay attention to.  For any questions regarding the information above, please contact us.

By Taylor Hume

No comments yet

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: