The California Online Privacy Protection Act of 2003 ("CalOPPA") requires online service providers ("OSPs") to disclose, through a conspicuously posted privacy policy, certain information to consumers regarding the OSP’s collection of personally identifiable information online, in addition to the OSP’s use of that information. The requirements under CalOPPA apply to websites, mobile applications, software, or any other online services that collect personal information, such as names, addresses, or other identifiers, from persons residing in California. 

California recently amended CalOPPA to specifically require OSPs who track consumers’ activities across third-party websites to disclose how they respond to "Do Not Track" signals sent from web browsers, a feature offered by many modern web browsers that signals tracking preferences to OSPs. The amendment further requires an OSP to disclose whether third-parties (e.g., advertisers) may track consumers’ activities across third-party websites through the OSP’s services, an issue that may have been previously unexplored with third-party advertisers. To comply with these new requirements, it would be beneficial to include additional language in the privacy policy disclosing how "Do Not Track" signals are handled. 

These new disclosure requirements take effect on January 1, 2014, and recipients of non-compliance notices will have 30 days to comply with the requirements. The statutory penalty for non-compliance can be up to $2,500 per violation.