Beginning in 2011, many of the major web browsers incorporated a “Do Not Track” option that permits consumers to select their on-line tracking preference. Each web browser created a slightly different Do Not Track mechanism, and there is debate concerning whether consumers have a uniform understanding ff what use of the mechanism is intended to accomplish.

Despite the relative recency of the Do Not Track option, and ambiguity concerning consumers’ use and acceptance of it, a new California statute enacted last week requires all commercial websites and online services – including mobile applications – that collect personally identifiable information to disclose how they respond to the Do Not Track signal. As a result of the new statute, companies should consider the following steps to come into compliance:

  • Decide whether or not to honor visitors’ Do Not Track signals (requesting that sites not collect personal information about a consumer’s activities over time and across different websites, like through advertising networks or analytic services); and disclose this in the privacy policy.
  • Determine whether third parties may collect personal information about a visitor’s online activities over time and across different web sites when a consumer uses the operator’s website, mobile app, or service; and disclose this practice in the privacy policy.
  • If a company is a member of a self-regulatory program such as the Digital Advertising Alliance or Network Advertising Initiative, monitor the groups’ rules for changes that reflect the new legislation.
  • Amend company privacy policies to specifically discuss how the company treats Do Not Track selections.