Online tracking of personal information disclosures required in website privacy policies

California, like other states, makes online tracking of personal information disclosures required in website privacy policies. 

States weigh in on privacy policies

Here’s more information.

In its guidance document, Making Your Privacy Practices Public, California’s Attorney General addresses how websites should disclose their practices regarding collection and use of personal information, including behavioral tracking.

Disclosures of Responses to a Do Not Track Signal

This guidance supplements recent amendments to California’s Online Privacy Protection Act, which require: disclosures of:

  • how the website responds to a browser “Do-Not-Track” (DNT) signal or to other mechanisms under which consumers may indicate they do not want their online activities followed, and
  • whether third parties may conduct online tracking on the operator’s site or service.

Making Privacy Policies Readable

Privacy Practices points out that companies must make “meaningful privacy policy statements” so that consumers can make “informed decisions about which companies they will entrust with their personal information.”

In drafting privacy policies, companies and legal counsel should make these forms as clear as possible.  Many privacy policies “are overly long and difficult to read.”

Privacy policies need to:

  • use plain, straightforward language (avoiding technical or legal jargon)
  • use a format that makes the policy readable
  • make it easy for consumers to find the section on how the company responds to Do Not Track signals
  • state whether other parties are or may be collecting personally identifiable information of consumers
  • explain data sharing
  • describe the choices a consumer has regarding collection, use and sharing of personally identifiable information
  • provide contact information for accountability

One of my favorite books during my time at the Iowa Writers Workshop was a Dickens novel about an interminable and absurd lawsuit (sound familiar? I’ve fought a few to settlement).

[The case of] Jarndyce and Jarndyce drones on. This scarecrow of a suit has, in course of time, become so complicated, that no man alive knows what it means. The parties to it understand it least; but it has been observed that no two Chancery lawyers can talk about it for five minutes, without coming to a total disagreement as to all the premises. Innumerable children have been born into the cause; innumerable young people have married into it; innumerable old people have died out of it. Scores of persons have deliriously found themselves made parties in Jarndyce and Jarndyce, without knowing how or why; whole families have inherited legendary hatreds with the suit. The little plaintiff or defendant, who was promised a new rocking-horse when Jarndyce and Jarndyce should be settled, has grown up, possessed himself of a real horse, and trotted away into the other world. Fair wards of court have faded into mothers and grandmothers; a long procession of Chancellors has come in and gone out; the legion of bills in the suit have been transformed into mere bills of mortality; there are not three Jarndyces left upon the earth perhaps, since old Tom Jarndyce in despair blew his brains out at a coffee-house in Chancery Lane; but Jarndyce and Jarndyce still drags its dreary length before the Court, perennially hopeless.

Fine writing.

But don’t be a Dickens when drafting your privacy policies, and don’t make your privacy policy as thick and obtuse as this old chestnut of a case.

In today’s world, legal language must be crisp and transparent – just like the graphics on today’s websites.

The California Attorney General say so.


The Attorney General summarizes the California Online Privacy Protection Act of 2003 (CalOPPA) as a “privacy landmark,” which:

  • applies to all operators of commercial websites and online services that collect “personally identifiable information” about Califronias
  • requires conspicuous posting of a compliant privacy policy
  • must address online tracking–the collection of personal information about consumers as they move across websites and online services, and must tell consumers how the site responds to “do not track” (DNT) signals by consumers

Privacy policies in mobile apps

Online tracking of personal information disclosures required in website privacy policies, also applies to mobile apps.

Here, the AG recommends that the app “supplement its comprehensive privacy policy with shorter special notices” about the collection of personally identifiable information not necessary for the app’s basic function, or “sensitive information” (such as medical or financial information).

The AG references a sample short form notice for mobile apps that was created by a process from the National Telecommunications and Information Administration.

Personally identifiable information

“Personally identifiable information” means information about a consumer, collected online and maintained by the website operator in accessible form, and can include:

  • first and last name
  • physical address
  • email adddress
  • phone number
  • SSN
  • any other identifier that permits the physical or online contacting of a specific individual

Additional AG Recommendations

AG recommendations include the following areas:

  • scope of the privacy policy
  • making the privacy policy available; for example,apps should post privacy policies on the app’s platform page, so it can be easily reviewed by consumers before they download the app
  • making the privacy policy readable
  • describing data collection
  • describing online tracking
  • describing data use and sharing
  • describing individual choice and access
  • security safeguards
  • effective date
  • accountability/contact info

Whether you’re in California or otherwise, contact us if you’d like more information about the online tracking of personal information disclosures required in website privacy policies.

Book your Legal Strategy Session now
Michael H Cohen Healthcare & FDA Lawyers

Contact our healthcare law and FDA attorneys for legal advice relevant to your healthcare venture.

Start typing and press Enter to search