Saturday, November 23, 2024
Do Your Privacy Policies Comply with the California Online Privacy Protection Act?

The California Online Privacy Protection Act applies to any commercial website, online service or mobile application that collects personally identifiable information from individual consumers residing in California. The Act requires that privacy policies be conspicuously posted, or in the case of an operator of an online service, be made available via a reasonably accessible means.

California has long shaped privacy and data security standards. As such, marketers are well advised to consider related consumer-facing privacy policy requirements, including:

  • Identification of the categories of personally identifiable information collected about individual consumers and the categories of third-party persons or entities with whom the operator may share that personally identifiable information;
  • Disclosing whether a process is maintained for individual consumers to review and request changes to any of their personally identifiable information that is collected, and providing a description of that process;
  • A description of the process by which consumers are notified of material changes to the privacy policy;
  • Disclosing how the operator responds to “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about consumers’ online activities over time and across third-party websites or online services (if the operator engages in that collection);
  • Disclosing whether third parties on the operator’s website, online service or app (e.g., third-party ad networks or analytics providers) collect personally identifiable information about consumers’ online activity over time and across different sites;
  • Disclosing whether third parties collect personally identifiable information on the website or app; and
  • Disclosing whether other parties may collect personally identifiable information about consumers’ online activities over time and across different websites.

Note that the Act provides for an alternative method for satisfying the “do not track” disclosure requirement. It states that an operator may satisfy it by providing a clear and conspicuous hyperlink in its privacy policy to an online location containing a description, including the effects, of any program or protocol the operator follows that offers consumers that choice.

Personally identifiable information means, without limitation, individually identifiable information about an individual consumer collected online by the operator and maintained in an accessible form (e.g., first and last name, address, email address, telephone number, social security number and any other identifier that permits the physical or online contacting of a specific individual).

The Act also specifies that the term “conspicuously post,” with respect to a privacy policy, shall include posting the privacy policy through any of the following:

  • A page on which the actual privacy policy is posted if the page is the homepage or first significant page after entering the website;
  • An icon that hyperlinks to a page on which the actual privacy policy is posted, if the icon is located on the homepage or the first significant page after entering the website, and if the icon contains the word “privacy.” The icon shall also use a color that contrasts with the background color of the page or is otherwise distinguishable;
  • A text link that hyperlinks to a page on which the actual privacy policy is posted, if the text link is located on the homepage or first significant page after entering the website, and if the text link does one of the following: includes the word “privacy;” is written in capital letters equal to or greater in size than the surrounding text; is written in larger type than the surrounding text, or in contrasting type, font, or color to the surrounding text of the same size, or set off from the surrounding text of the same size by symbols or other marks that call attention to the language;
  • Any other functional hyperlink that is so displayed that a reasonable person would notice it; or
  • In the case of an online service, any other reasonably accessible means of making the privacy policy available for consumers of the online service.

An operator of a commercial website or online service that collects personally identifiable information from individual consumers who reside in California shall be in violation of the Act if it knowingly and willfully, or negligently and materially fails to comply.

In addition to the foregoing, website operators must also consider the recently issued FTC Staff Report regarding best practices for cross-device tracking.

The Act is enforceable by the California Attorney General pursuant to the state’s unfair competition law.

Advertising agreements routinely require that networks assume legal liability for ensuring that the privacy and data use practices of their third-party publishers comply with applicable laws and regulations, including the Act.

Consult with an FTC compliance and defense law firm to discuss issues relating to privacy and data protection.

Follow Richard B. Newman on Twitter @ FTC Defense Lawyer.

HINCH NEWMAN LLP. ADVERTISING MATERIAL. These materials are provided for informational purposes only and are not to be considered legal advice, nor do they create a lawyer-client relationship. No person should act or rely on any information in this article without seeking the advice of an attorney. Information on previous case results does not guarantee a similar future result.

Richard B. Newman
http://www.hinchnewman.com
Richard B. Newman is an Internet Lawyer at Hinch Newman LLP focusing on advertising law, Internet marketing compliance, regulatory defense and digital media matters. His practice involves conducting legal compliance reviews of advertising campaigns across all media channels, regularly representing clients in high-profile investigative proceedings and enforcement actions brought by the Federal Trade Commission and state attorneys general throughout the country, advertising and marketing litigation, advising on email and telemarketing best practice protocol implementation, counseling on eCommerce guidelines and promotional marketing programs, and negotiating and drafting legal agreements.
