Kamala Harris, the California Attorney General, recently released guidance for complying with California's new Do Not Track requirements which took effect January 1, 2014.
- how the operator responds to Internet browser Do Not Track (DNT) signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer's online activities over time and across third-party websites or online services, if the operator engages in that collection; and
- whether other parties may collect personally identifiable information about an individual consumer's online activities over time and across different websites when a consumer uses the operator's website or service.
Although CalOPPA does not define "online service," the Attorney General has stated that a mobile application is one type of online service.
- Make it easy for a consumer to find the section in which you describe your policy regarding online tracking by labeling it, for example, "How We Respond to Do Not Track Signals," "Online Tracking" or "California Do Not Track Disclosures."
Questions to consider in describing your response:
- Do you treat consumers whose browsers send a DNT signal differently from those without one?
- Do you collect personally identifiable information about a consumer's browsing activities over time and across third-party web sites or online services if you receive a DNT signal?
- If you do continue to collect personally identifiable information about consumers with a DNT signal as they move across other sites or services, how do you use the information you obtain?
Questions to consider in providing a link to a program:
- Do you comply with the program?
- Does the page to which you link contain a clear statement about the program's effects on the consumer, i.e., whether participation results in stopping the collection of a consumer's personally identifiable information across web sites or online services over time?
- Does the page to which you link make it clear what a consumer must do to exercise the choice offered by the program?
- State whether other parties are or may be conducting online tracking of consumers or visitors while they are on your site or service.
In developing your statement on other parties, consider the following issues:
- Are only approved third parties on your site or service collecting personally identifiable information from consumers who use or visit it?
- How would you verify that authorized third parties are not bringing unauthorized parties to your site or service to collect personally identifiable information?
- Can you ensure that authorized third-party trackers comply with your Do Not Track policy? If not, disclose how they might diverge from your policy.
- Confirm your tracking practices with those responsible for your site's or service's operations to ensure that your practices correspond to what you say in your policy.