Blog Post / Privacy & Security Law Blog
CA Legislation Will Require Commercial Websites to Disclose "Do Not Track" Practices
By Paul Glist
09.05.13
By Paul Glist and Christin S. McMeley
Last week, the California State Senate and Assembly passed AB 370, a bill to amend the California Online Privacy Protection Act (CalOPPA) that would require operators of commercial websites or “online services” to disclose how the site responds to “do not track” signals sent by web browsers, which in turn will trigger enforceability by federal and state authorities. The amendment is expected to be signed by Governor Jerry Brown. Currently, there is no agreed upon definition of tracking, sharing, or permitted uses when a DNT preference is expressed. Nor is there agreement on the propriety of devices or user agents (rather than informed consumers) setting DNT signals by default.
In addition to the existing requirements California law places upon operators of commercial websites and online services, AB 370 would add two additional requirements:
- Disclose how the website or online service “responds to ‘do not track’ signals or other mechanisms that provide consumers a choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across different Web sites or online services;”
- Disclose whether other parties may collect personally identifiable information about an individual consumer’s online activities when a consumer uses the operator’s Web site or service.