California, like other states, makes online tracking of personal information disclosures required in website privacy policies.
States weigh in on privacy policies
Here’s more information.
In its guidance document, Making Your Privacy Practices Public, California’s Attorney General addresses how websites should disclose their practices regarding collection and use of personal information, including behavioral tracking.
Disclosures of Responses to a Do Not Track Signal
This guidance supplements recent amendments to California’s Online Privacy Protection Act, which require: disclosures of:
- how the website responds to a browser “Do-Not-Track” (DNT) signal or to other mechanisms under which consumers may indicate they do not want their online activities followed, and
- whether third parties may conduct online tracking on the operator’s site or service.
Making Privacy Policies Readable
In drafting privacy policies, companies and legal counsel should make these forms as clear as possible. Many privacy policies “are overly long and difficult to read.”
Privacy policies need to:
- use plain, straightforward language (avoiding technical or legal jargon)
- use a format that makes the policy readable
- make it easy for consumers to find the section on how the company responds to Do Not Track signals
- state whether other parties are or may be collecting personally identifiable information of consumers
- explain data sharing
- describe the choices a consumer has regarding collection, use and sharing of personally identifiable information
- provide contact information for accountability
One of my favorite books during my time at the Iowa Writers Workshop was a Dickens novel about an interminable and absurd lawsuit (sound familiar? I’ve fought a few to settlement).
[The case of] Jarndyce and Jarndyce drones on. This scarecrow of a suit has, in course of time, become so complicated, that no man alive knows what it means. The parties to it understand it least; but it has been observed that no two Chancery lawyers can talk about it for five minutes, without coming to a total disagreement as to all the premises. Innumerable children have been born into the cause; innumerable young people have married into it; innumerable old people have died out of it. Scores of persons have deliriously found themselves made parties in Jarndyce and Jarndyce, without knowing how or why; whole families have inherited legendary hatreds with the suit. The little plaintiff or defendant, who was promised a new rocking-horse when Jarndyce and Jarndyce should be settled, has grown up, possessed himself of a real horse, and trotted away into the other world. Fair wards of court have faded into mothers and grandmothers; a long procession of Chancellors has come in and gone out; the legion of bills in the suit have been transformed into mere bills of mortality; there are not three Jarndyces left upon the earth perhaps, since old Tom Jarndyce in despair blew his brains out at a coffee-house in Chancery Lane; but Jarndyce and Jarndyce still drags its dreary length before the Court, perennially hopeless.
In today’s world, legal language must be crisp and transparent – just like the graphics on today’s websites.
The California Attorney General say so.
The Attorney General summarizes the California Online Privacy Protection Act of 2003 (CalOPPA) as a “privacy landmark,” which:
- applies to all operators of commercial websites and online services that collect “personally identifiable information” about Califronias
- must address online tracking–the collection of personal information about consumers as they move across websites and online services, and must tell consumers how the site responds to “do not track” (DNT) signals by consumers
Privacy policies in mobile apps
Online tracking of personal information disclosures required in website privacy policies, also applies to mobile apps.
The AG references a sample short form notice for mobile apps that was created by a process from the National Telecommunications and Information Administration.
Personally identifiable information
“Personally identifiable information” means information about a consumer, collected online and maintained by the website operator in accessible form, and can include:
- first and last name
- physical address
- email adddress
- phone number
- any other identifier that permits the physical or online contacting of a specific individual
Additional AG Recommendations
AG recommendations include the following areas:
- describing data collection
- describing online tracking
- describing data use and sharing
- describing individual choice and access
- security safeguards
- effective date
- accountability/contact info
Whether you’re in California or otherwise, contact us if you’d like more information about the online tracking of personal information disclosures required in website privacy policies.