On January 1, 2014, California Assembly Bill 370 will go into effect, requiring operators of websites and other online services, including mobile applications, to provide new disclosures in their website privacy policies about online tracking. Operators will be required to disclose whether third parties collect certain information about California residents over time and across different websites when those residents use the operators’ sites and services. The law also requires that operators disclose how they respond to do-not-track signals or other mechanisms designed to provide consumers with choices relating to such activities. Although the law is limited to online services directed to California, it provides a de facto national standard for websites that do not provide separate privacy disclosures based on location.
In the coming weeks, the California Attorney General is expected to release best practice guidelines for compliance with the law. This guidance may or may not include a strict interpretation of these and other compliance issues. Regardless of this forthcoming guidance, operators will be expected to comply as of the January 1 effective date.
While businesses can take some comfort in the fact that California provides 30 days to address alleged deficiencies raised by the Attorney General before any fines may be imposed, non-compliance eventually can result in fines of up to $2,500 per violation.