Since CalOPPA was enacted in 2003, technology has evolved to permit website operators to engage in sophisticated “behavioral tracking,” which involves collecting data about a user’s activities across multiple websites over time to build a profile of the user’s behavior and interests. The profiles have tremendous value and enable advertisers to tailor communications to a consumer’s real interests and help avoid inundating him or her with unwanted ads. Nevertheless, in response to privacy concerns surrounding the increased use of behavioral tracking, the Federal Trade Commission in 2010 recommended that the digital advertising community “create and implement a mechanism to allow consumers to control the collection and use of their online browsing data, often referred to as ‘Do Not Track.’” By 2013 several major Internet browsers had implemented a Do Not Track mechanism that allows users to request that websites do not track their online activities. To date, however, there is no legal requirement that website operators respect Do Not Track requests.
On September 27, 2013 the California legislature enacted an amendment to CalOPPA to provide consumers with increased transparency regarding websites’ behavioral tracking policies. Specifically, the amendment requires an operator to divulge whether it respects a user’s Do Not Track request and disclose the possible presence of third-party tracking. The amendment does not require an operator to respect a Do Not Track request so long as users are notified of the online tracking policies and can make an informed decision whether to continue using an online website or service that does not respect a Do Not Track request.
Operators receiving notification of noncompliance have 30 days to comply with the amendment. Noncompliance penalties can include fines of up to $2,500 per violation.