Last week the California Senate unanimously approved a bill requiring that operators of commercial websites and online services that collect personal information disclose how they respond to “do-not-track” signals from web browsers and whether they allow third parties to engage in online tracking. The legislation, which was introduced by Assemblyman Al Muratsuchi, has been sponsored by CA Attorney General Kamala Harris.
The proposed new law would amend the California Online Privacy Protection Act (“CalOPPA”), which requires that covered websites conspicuously post a privacy policy disclosing certain information and practices. Specifically, the bill adds new requirements that a privacy policy:
- “disclose how the operator responds to Web browser ‘do not track’ signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party Web sites or online services, if the operator engages in that collection”; and
- “disclose whether other parties may collect personally identifiable information about an individual consumer’s online activities over time and across different Web sites when a consumer uses the operator’s Web site or service.”
The operator may satisfy the disclosure regarding how the operator responds to do-not-track signals by “providing a clear and conspicuous hyperlink in the operator’s privacy policy to an online location containing a description, including the effects, of any program or protocol the operator follows that offers the consumer that choice.”
The CA Attorney General has stated that the proposed new law would help boost awareness of online behavioral tracking so consumers can make informed decisions about their use of a site or service.