On Friday, September 27, 2013, Governor Brown signed California Assembly Bill 370 (AB 370), an amendment aimed at strengthening the state’s Online Privacy Protection Act (CalOPPA), into law. AB 370 requires websites and online services that collect personally identifiable information to disclose how they respond to users’ “do not track” requests. We recommend that our clients revise their privacy policies now, as AB 370 is effective immediately.
Current California Law – Section 22575
Additional Disclosure Provisions
AB 370 does not prohibit commercial websites or online services from tracking and gathering personal information from its users. The bill only requires sites to disclose their “do not track” policies. As such, a site may choose to ignore users’ “do not track” requests and still comply with AB 370 as long as the site discloses this policy.
Under AB 370, the following “do not track” provisions have been added to Section 22575:
- If a site or online service collects personally identifiable information from users or tracks online activity, the site must disclose how it responds to web browser “do not track” requests and similar signals that users may employ.
- A site must disclose whether third parties may use the site or service to collect personally identifiable information and information about a user’s online activities over time and across different sites.
Although AB 370 is effective immediately, the “do not track” provisions are covered under the Section 22575 safe harbor that gives websites and online services 30 days to cure any defects after receiving notice of noncompliance.