New Guidance on the New Website Privacy Requirements

Those of you who read this blog regularly know that I've previously written about how a few states have their own website privacy rules, and expressed the widely-held view that California's are the most rigorous. I have also explained that websites directed at U.S. audiences generally need to comply with California's strict rules.

Image source material  Truthout / Foter.com

A few weeks ago, I wrote about a new website privacy law that amends California's existing Online Privacy Protection Act, which became effective at the first of the year.

 

Last week, California's Attorney General published some guidance to aid organizations in complying with the recent changes in California privacy law.   The portion of the guidance that relates to the newest requirements offers the following general recommendations:

• Make it easy for a consumer to find the section in which you describe your policy regarding online tracking by labeling it, for example: "How We Respond to Do Not Track Signals," "Online Tracking" or "Do Not Track Disclosures." 
• Describe how you respond to a browser’s Do Not Track signal or to other such mechanisms. This is more transparent than linking to a "choice program."
• State whether other parties are or may be collecting personally identifiable information of consumers while they are on your site or service.
• Explain your uses of personally identifiable information beyond what is necessary for fulfilling a customer transaction or for the basic functionality of an online service.
• Whenever possible, provide a link to the privacy policies of third parties with whom you share personally identifiable information.

More specific recommendations are included in the guidance relating to these and other aspects of California privacy law.

Organizations that have a nationwide audience should update their website privacy policy statements in light of the new rules and guidance, if they have not already.