Beginning January 1, 2014, websites and online service operators that collect consumers’ personally identifiable information will likely be forced to update their privacy policies to comply with a new law in California. Existing California law requires website and online service operators that collect personally identifiable information such as names, addresses, or social security numbers, to post privacy policies on their websites. Recently signed into law by the Governor of California, AB 370, “An Act to Amend Section 22575 of the Business and Professions Code, Relating to Consumers” will require website operators to add a section to privacy policies disclosing how they respond to “do not track” signals or other mechanisms that provide consumers a choice regarding the collection of personally identifiable information.
The new law reflects concerns over the growth in online tracking and data auctions. In the analysis accompanying the law, the California legislature expressed concern over the sale of consumer profiles created from the tracking of data as well as the general lack of consumer awareness of online tracking. Notably, the law does not prohibit tracking; it merely requires companies to make it clear how they respond to consumer requests not to track. Therefore, privacy policies will need to be updated to provide this information.
We are continuing to monitor developments related to the requirements for website operators. Please contact the listed attorneys with questions.