Businesses shall be in violation of this subdivision only if the operator fails to post its policy within 30 days after being notified of noncompliance.
- Disclose how the operator responds to Web browser “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party Web sites or online services, if the operator engages in that collection.
- Disclose whether other parties may collect personally identifiable information about an individual consumer’s online activities over time and across different Web sites when a consumer uses the operator’s Web site or service.
Here are some things business should be doing to prepare for the new law:
- Understand how the business currently uses tracking technologies in the form of cookies, web beacons, advertising cookies and analytics cookies by engaging the marketing and IT departments for discussion and full examination of current in use tracking technologies.
- Develop a comprehensive consumer data strategy so all data use is understood and optimized internally and can be communicated outside the organization to consumers.
- Be prepared to comprehensively explain what third party tracking technologies are in use and explain these technologies to consumers and how consumer data is collected, retained and used.
- If applicable and technologically feasible, provide an explanation to consumers about how they may choose to control or refuse to accept tracking technologies utilized by the business.