Website Owners Must Comply With New California “Do Not Track” Law

December 23, 2013   Steve Davis   Ecommerce, Internet Law, Privacy   No Comments

Businesses with websites should take note of a new California law that requires websites that collect personally identifiable information to let users know if they do not respond to users’ “Do Not Track” requests.

The bill, Assembly Bill 370, which was signed into law by Governor Brown in September, amends section 22575 of the California Business and Professions Code, which became law in 2004 and which requires website operators conspicuously to post information about their user data collection practices.

In the past few years there has been growing interest at both the state and federal level in enactment of “Do Not Track” legislation, which would require website operators to obtain permission from users before being able to collect personally identifiable information about them. So far, that legislation has not passed either in the U.S. Congress or in the California legislature.

A.B. 370 is a more modest step than these earlier efforts. It does not require website operators to obtain permission before collecting information about users, nor does it require them to respond to users’ requests not to collect information. Instead, the new law requires website operators to tell users how they respond to signals from users that they do not wish to have personally identifiable information collected. If a user sends a signal to the website operator that the user does not want its personally identifiable information collected, the website may ignore the request, as long as it tells the user what its policy is. (Cal. Bus. & Prof. Code §22575(b)(5).)

The new law further provides that the new “Do Not Track” disclosure requirement can be satisfied by inserting a “clear and conspicuous” hyperlink in its privacy policy to another online location that describes the operator’s response to “Do Not Track” requests. (Cal. Bus. & Prof. Code §22575(b)(7).)

Businesses with websites that collect personally identifiable information from users who reside in California should review their website policies to ensure that they post a conspicuous notice letting users know what their policy is for complying with “Do Not Track” requests.

Leave a Comment

You can be the first to comment!

New D&L Article: Davis To Assess Impact Of Recent NSA Data Collection Cases On Privacy