How to comply with California’s Do Not Track law?


A new California law went into effect January 1, 2014 that governs how websites deal with online privacy. If I’m not based in California, does my website still have to comply with it?

Topic: Legal
Answer this Question


2 total
Vote Up (5)

AB370: California's "Do Not Track" Law

"On September 27, 2013, the California governor signed into law AB370, an amendment to the California Online Privacy Protection Act of 2003 ("CalOPPA")1. CalOPPA requires owners of commercial websites and online service providers ("operators") to conspicuously post a privacy policy. The privacy policy must disclose to consumers, among other things, the categories of personally identifiable information (PII)2 the operator collects and with whom the operator shares such information. Operators affected by CalOPPA include website operators and, as interpreted by the California Office of Attorney General, operators of software and mobile apps that transmit and collect PII online.3

AB 370 requires an operator that collects PII about an individual consumer's online activities over time and across third party websites and online services to disclose in its privacy policy how the operator responds to browser "do not track" signals or other mechanisms that provide consumers with choice regarding the collection of such information. As an alternative, the operator may provide a hyperlink to a webpage with a description, including the effects, of any program or protocol the operator follows that offers consumers a choice about online tracking. The amendment does not require operators to respond to "do not track" signals or to honor a consumer's choice not to be tracked. Further, AB 370 does not define what it means to "do not track" nor does it describe what might constitute a "do not track" signal or other tracking mechanisms."

Vote Up (5)

The way I understand it, if people from California are accessing your website and you collect any information, it could apply to you. It’s not that big of a deal to comply with, it is like the privacy notifications on European websites, except you also have to disclose whether your site honors “Do Not Track” requests. There is a potential $2500 penalty for non-compliance. I don’t have a problem with the law, it seems pretty fair to me. Some lawyers wrote an article about it, if you want to read more.

Ask a question

Join Now or Sign In to ask a question.
Typo halted the sale of its add-on keyboard for the iPhone on Tuesday after an injunction took effect that bans it from being imported to the U.S.
Wireless carriers in the U.S., handset makers and the industry's lobbying group have made a significant concession on technology that could remotely disable stolen smartphones and tablets.
After dragging its feet for months, Apple is finally making good progress on a court-ordered antitrust compliance program related to the U.S. Department of Justice's e-book price-fixing case against the company, an external monitor said.
A Brussels court has banned Uber from operating its ride hailing service in the city because its drivers don't have a taxi license, local media reported Tuesday. If it flouts the ban, Uber must pay a penalty of €10,000 (US$13,800) per violation.
Mt. Gox CEO Mark Karpeles, who was ordered to appear before a U.S. bankruptcy court to answer questions, has asked for a postponement of his deposition.
Google has updated its terms of service to reflect that it analyzes user content including emails to provide users tailored advertising, customized search results and other features.
BlackBerry has asked a California court to immediately block sales of an add-on iPhone keyboard made by Typo, alleging the startup backed by TV and radio personality Ryan Seacrest misled the court.
Andrew Auernheimer, known online as "weev," has won an appeal against his conviction for exploiting a vulnerability in AT&T's website to collect the email addresses of Apple iPad users. The 2010 incident earned him a 41-month prison sentence.
Samsung's lawyers tried to put a human face on Google's Android development efforts as they opened their defense Friday against Apple's patent infringement claims and its demand for US$2.2 billion in damages.
Apple outlined for the first time on Friday how it came up with the US$2.2 billion in damages that it wants a California jury to award it for Samsung's alleged "massive infringement" of five Apple patents.
Join us: