As many of our readers already know, California’s new data privacy law went into effect earlier this month on January 1, 2014. The law places strict requirements on operators of websites and other online services that collect certain information about California residents. In addition to addressing other aspects of collecting personally identifiable information (“PII”) from California residents, the new law focuses on the collection and use of “cookies.” For those that are unaware, “cookies” are small files that are stored on users’ computers to track Internet activity and allow online marketers to deliver targeted advertising to them.
Who Must Comply With California’s Data Privacy Law?
The scope of California’s new Internet data privacy law is broad and is applicable to any entity that operates a commercial website or online service that collects California consumer PII. The California Attorney General’s Office has made clear that service providers are specifically excluded from the requirements set forth in the data privacy law.
What Does California’s Data Privacy Law Require?
Concerns with the Internet Data Privacy Law
How do you know that a person visiting your website is a California State resident? Even if you track the person’s IP address, there is no way of really knowing where the person resides. For example, a California resident could be vacationing in New York and visit your website from there. Or, a California resident could work in a neighboring state and access your website from his or her office computer. The only sure way to protect your company is to apply the new California requirements to your website across the board (for all consumers, regardless of location).