Skip to main content
Legal Alert

New Legal Requirements For Website Privacy Policies Beginning January 1, 2014

New Legal Requirements For Website Privacy Policies Beginning January 1, 2014

Beginning January 1, 2014, California will require an operator of a commercial website or online service to disclose how it responds to “do not track” signals or other mechanisms that provide consumers a choice regarding the collection of personally identifiable information about an individual consumer’s online activities.  The operator must also disclose whether other parties may collect personally identifiable information when a consumer uses the operator’s website or online service.  The new law does not require websites or online services to honor "do not track" requests.

An operator of a commercial ebsite or online service using the Internet to collect personally identifiable information about individual consumers residing in California who use or visit its commercial website or online service must also conspicuously post its privacy policy on its website.

As of January 1, 2014, the privacy policy of the website or online service must do all of the following:

  1. Identify the categories of personally identifiable information that the operator collects about individual consumers who use or visit its website or online service and the categories of third-party persons or entities with whom the operator may share that personally identifiable information.
  2. If the operator maintains a process for an individual consumer who uses or visits its website or online service to review and request changes to any of his or her personally identifiable information that is collected, then the operator must provide a description of that process.
  3. Describe the process by which the operator notifies consumers who use or visit its website or online service of material changes to the operator’s privacy policy.
  4. Identify the policy’s effective date.
  5. Disclose how the operator responds to Web browser “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party websites or online services, if the operator engages in that collection.  An operator may satisfy this requirement by providing a clear and conspicuous hyperlink in the operator’s privacy policy to an online location containing a description of the operator's response, including the effects of any program or protocol the operator follows that offers the consumer that choice.
  6. Disclose whether other parties may collect personally identifiable information about an individual consumer’s online activities over time and across different websites when a consumer uses the operator’s Web site or online service.

Given that the California Attorney General sponsored this legislation, it is likely the enforcement of these privacy issues will be an ongoing focus.  Commercial websites and online service providers should revise their privacy policies to comply with the new law prior to January 1, 2014.  Hanson Bridgett serves as counsel to a wide variety of website owners and would be happy to assist with making sure your privacy policy complies with the new law.

For More Information, Please Contact:

Jonathan Storper
Jonathan Storper
Partner
San Francisco, CA