McNees Client Alert
December 27, 2013
Publications
California to Require Website and Online Service Operators to Disclose Treatment of Do Not Track Requests
On September 27, 2013 California A.B. 370 was signed into law. It becomes effective January 1, 2014. This law amends California’s online privacy policy law to require that websites and other online services disclose how they respond to consumer “do not track” requests, including any program or application used to provide consumers with a “choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party Web sites or online services, if the operator engages in that collection.” The new law applies to any website used by Californians, meaning nearly every website will have to comply.
The A.B. 370 “do not track” disclosure may be complied with simply by “providing a clear and conspicuous hyperlink in the operator’s privacy policy to an online location containing a description, including the effects, of any program or protocol the operator follows that offers the consumer that choice.” The benefits of A.B. 370 may seem limited as it only requires disclosure and not that a website operator actually honors a “do not track” request. However, there is not an agreed upon standard for browser do not track functions and there are some website operators that maintain tracking features even if the user’s browser is set to a “do not track” status. Thus, the law is intended to actively inform website and application users of whether the “do not track” functions of their browser will be effective. A.B. 370 merely requires disclosure, it does not require that website/service operators actually comply with “do not track” features of browsers.
Action Steps:
- Commercial website or online service operators should evaluate their privacy policies to ensure such policies disclose how the services respond “to Web browser ‘do not track’ signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party Web sites or online services, if operator engages in that collection.”
- Commercial website or online service operators should also ensure their policies “disclose whether other parties may collect personally identifiable information about an individual consumer’s online activities over time and across different Web sites when a consumer uses the operator’s Web site or service.”
For questions about intellectual property legal issues including website service policies or terms of use, contact Brian Gregg at McNees Wallace & Nurick LLC ( bgregg@mwn.com, 717-237-5456).
© 2013 McNees Wallace & Nurick LLC
McNees Client Alert is presented with the understanding that the publisher does not render specific legal, accounting or other professional service to the reader. Due to the rapidly changing natur of the law, information contained in this publication may become outdated. Anyone using this material must always research original sources of authority and update this information t ensure accuracy and applicability to specific legal matters. In no event will the authors, the reviewers or the publisher be liable for any damage, whether direct, indirect or consequential, claimed to result from the use of this material.