While the likelihood of a consumer privacy bill coming out of Congress is slim, California recently passed a groundbreaking piece of consumer privacy legislation.
At the end of August, the California Senate and Assembly unanimously approved an amendment (A.B. 370) to the California Online Privacy Protection Act that requires commercial websites and services that collect personal data to disclose how they respond to “Do Not Track” signals from web browsers.
This amendment was first introduced by California Assemblyman Al Muratsuchi and sponsored by Attorney General Kamala Harris, who is best known for aggressively pursuing consumer privacy enforcement actions. State Governor Jerry Brown is expected to sign the amendment.
What is A.B. 370?
Although it’s referred to as a Do-Not-Track law, the bill doesn’t actually prohibit tracking, which disappoints most privacy advocates, who would prefer that laws – both federal and state – mandate Do-Not-Track standards.
However, this bill does stand to change things for websites that track consumer web activity for advertising or other purposes. Friel commented:
“Many websites, mobile apps, ad networks and other online services will need to update their policies. Companies need to make sure privacy statements are accurate and if they are in self-regulatory programs, such as the Digital Advertising Alliance, make sure they are following those practices.”
- “Disclose how the operator responds to web browser do-not-track signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party web or online services, if the operator engages in that collection.
- Disclose whether other parties may collect personally identifiable information about an individual consumer’s online activities over time and across different web sites when a consumer uses the operator’s website or service.”
As the law is silent on specific Do-Not-Track standards or practices, the consumer privacy debate is still wide open. However, it does require websites to choose sides – they will either honor or ignore Do-Not-Track browser signals.
The W3C’s tracking protection working group has spent the past two years attempting to reach a consensus on a Do-Not-Track browser standard. During that time, Microsoft and Mozilla forged ahead with Do-Not-Track browsers. As those solutions were “on” by default, the DAA members have said that they would not honor the browser Do-Not-Track signal.
California’s Attorney General has commented that the proposed new law would help boost awareness of online behavioral tracking, aiding consumers in making informed decisions about their use of a site or service.
This article discusses the California amendment (A.B. 370), which modifies the California Online Privacy Protection Act to require commercial websites and services that collect personal data to disclose how they respond to Do-Not-Track signals from web browsers.
CIPP Exam Preparation
In preparation for the Certified Information Privacy Professional/United States (CIPP/US), a privacy professional should be comfortable with topics related to this post, including:
- State attorneys general (I.A.d.vi.)
- Self-regulatory programs (I.A.d.vii.)
- Self-regulatory enforcement (I.B.h.)
- State privacy laws (V.)