California Attorney General Kamala D. Harris has issued a lengthy guidance entitled “Making Your Privacy Practices Public” setting forth, among other things, recommendations about “do not track” practices and other website privacy issues for operators of commercial websites and online services such as mobile apps that collect personally identifiable information about Californians.
" DO NOT TRACK” RECOMMENDATIONS
In the new guidance, Attorney General Harris observes that, in her view, the practice of online tracking is “invisible” to consumers because consumers whose browsers send a DNT signal cannot easily determine how a site or service responds to the signal. To resolve that concern, the guidance advocates that operators provide a description of their online tracking practices and of the possible presence of other parties that may be tracking consumers by:
- Disclosing the presence of other parties that collect personally identifiable information on the website or service, if any are present.
OTHER PRIVACY RECOMMENDATIONS
- Make the policy recognizable by giving it a descriptive title. In the case of a website, for example, the guidance recommends a conspicuous link on the homepage containing the word “privacy.” It says that the link should be in larger type than the surrounding text and in contrasting color or symbols that call attention to it. In addition, there should be a conspicuous “privacy” link on every webpage where personal information is collected, and the policy should be formatted so that it can be printed as a separate document. In the case of an online service such as a mobile application, the policy should be posted on or linked to on the application’s platform page so that users can review the policy before downloading the application.
- Use plain, straightforward language; avoid technical or legal jargon; use sharing, and protection of personally short sentences; use the active use titles and headers to identify key parts of the policy. The guidance also suggests considering having the policy in languages othet than english and using a format that makes the policy readable, including on smaller screens.
- With respect to data collection, the guidance suggests describing how PII is collected and describing the kind of PII collected about users and visitors. The guidance also suggests explaining how PII is used and shared.
- Describe the choices a consumer has regarding the collection, use, and sharing of his or her personal information; consider offering customers the opportunity to review and correct their personal information; and explain how customers can get access to their own personal information if that option is not available.
- Explain how customers’ personal information is protected from unauthorized or illegal access, modification, use or destruction.
- Provide a contact for customers with questions or concerns about privacy policies and practices
THE BOTTOM LINE
California and the California Attorney General are influential in Do Not Track (DNT) and online privacy issues. While the new guidance is not new law, its recommendations should be carefully considered by online services. Regulators are increasing their energies on focusing on privacy and data security issues, so following their recommendations should only have a positive effect.