Website Owners Must Comply With New California “Do Not Track” Law
December 23, 2013 No Comments
Businesses with websites should take note of a new California law that requires websites that collect personally identifiable information to let users know if they do not respond to users’ “Do Not Track” requests.
The bill, Assembly Bill 370, which was signed into law by Governor Brown in September, amends section 22575 of the California Business and Professions Code, which became law in 2004 and which requires website operators conspicuously to post information about their user data collection practices.
In the past few years there has been growing interest at both the state and federal level in enactment of “Do Not Track” legislation, which would require website operators to obtain permission from users before being able to collect personally identifiable information about them. So far, that legislation has not passed either in the U.S. Congress or in the California legislature.
A.B. 370 is a more modest step than these earlier efforts. It does not require website operators to obtain permission before collecting information about users, nor does it require them to respond to users’ requests not to collect information. Instead, the new law requires website operators to tell users how they respond to signals from users that they do not wish to have personally identifiable information collected. If a user sends a signal to the website operator that the user does not want its personally identifiable information collected, the website may ignore the request, as long as it tells the user what its policy is. (Cal. Bus. & Prof. Code §22575(b)(5).)
Businesses with websites that collect personally identifiable information from users who reside in California should review their website policies to ensure that they post a conspicuous notice letting users know what their policy is for complying with “Do Not Track” requests.