California Attorney General Issues Privacy Policy Guidance

On May 21, 2014, the California Attorney General’s Office (CA AG) issued guidance regarding online privacy policies entitled Making Your Privacy Practices Public: Recommendations on Developing a Meaningful Privacy Policy (Guidance). The Guidance offers suggestions for website operators to take into account when drafting privacy policies in compliance with California’s Online Privacy Protection Act (CalOPPA). The Guidance offers recommendations on ten aspects of privacy policies, but states that it does not represent new regulations, mandates, or legal opinions.  These aspects are:

  • Scope of the Policy;
  • Availability;
  • Readability;
  • Data Collection;
  • Online Tracking/Do Not Track (DNT);
  • Data Use and Sharing;
  • Individual Choice and Access;
  • Security Safeguards;
  • Effective Data; and
  • Accountability.

While the Guidance offers recommendations on all aspects of privacy policies, a primary focus is placed on how to comply with the new DNT provisions. While not binding, the Guidance recommends that website operators disclose clearly how they respond to DNT signals, and how the website may use information collected through online tracking. The Guidance also suggests that website operators that comply with CalOPPA by posting links to third-party DNT programs or protocols should disclose if the website participates in such programs and should check if the linked page discloses how a choice may be made regarding online tracking.