Privacy policies. They’re a thing of beauty, aren’t they?

The truth is, most online companies play some part in data mining for advertising purposes, either directly (Google) or indirectly (embedded third-party advertising networks). There’s a saying: you either pay for the product, or you are the product.

California doesn’t want to support such ignorance, however. The state’s privacy laws require companies to disclose their data practices, including, as of January 1, 2014, how the company treats DNT. And this past week, the state’s Attorney General’s Office released materials that will help companies comply with the new rules.

California has some of the strictest privacy legislation on the books, and it began with the California Online Privacy Protection Act of 2003 (CalOPPA), a broad law that requires privacy policies to address what personally identifiable information is being tracked, with whom the information is being stored, and whether there is a process for reviewing and requesting changes to that data.

Last year, the law was amended by AB 370 to require a site to disclose how it treats a browser DNT signal and whether other parties might be conducting online tracking on that site or service (the third-party trackers). DNT is a signal, sent by a browser, that tells a site not to track the user’s activity. Unfortunately, almost no sites comply with the voluntary standard, as they rely on advertising revenue.

For many online companies, the best legal practice is to comply with the strictest laws, which means CalOPPA and AB 370 should be accounted for through updated privacy policies. Fortunately, the state is offering help.

‘Making Your Privacy Practice Public’

This month, California Attorney General Kamala Harris’s office released a  guide that provides information on the two laws, as well as tips and recommendations for drafting your own privacy policy. The guide seeks to help companies to “craft privacy policy statements that address significant data collection and use practices, use plain language, and are presented in a readable format,” which should help the nobody reads this anyway issue.

Making Your Privacy Practices Public

If you are an online company, is your privacy policy CalOPPA and AB 370 compliant? Does DNT need more teeth? Join the discussion on Facebook at FindLaw for Legal Professionals.

Related Resources:

  • ‘Do Not Track’ is a Bust, So EFF Debuts ‘Privacy Badger’ (FindLaw’s Technologist Blog)
  • Speaking of Data Breaches, How About That eBay Disaster? (FindLaw’s In House Blog)
  • In-House Attorneys’ Game Plan for Data Breaches and Cybersecurity (FindLaw’s In House Blog)

You Don’t Have To Solve This on Your Own – Get a Lawyer’s Help

Civil Rights

Block on Trump’s Asylum Ban Upheld by Supreme Court

Criminal

Judges Can Release Secret Grand Jury Records

Politicians Can’t Block Voters on Facebook, Court Rules