California Poised to Get Do Not Track Disclosure Law

Websites must disclose response to Do Not Track signals

The chances of a consumer privacy bill coming out of Congress any time soon are slim, but that hasn't stopped California, which continues to forge new ground when it comes to consumer privacy legislation.

At the end of August, the California Senate and Assembly passed an amendment (AB370) to the California Online Privacy Protection Act that will require commercial websites and services that collect personal data to disclose how they respond to Do Not Track signals from Web browsers.

It was introduced by California Assemblyman Al Muratsuchi and sponsored by Attorney General Kamala Harris, who has been making a name for herself by aggressively pursuing consumer privacy enforcement actions. Governor Jerry Brown is expected to sign the amendment.

Although referred to as a Do Not Track law, the bill doesn't prohibit tracking, disappointing most privacy advocates that would prefer laws, both federal and state, mandate Do Not Track standards.

"The bill is a disclosure requirement," said Alan Friel, a partner with Edwards Wildman Palmer. "An operator would only be in violation if they failed to post practices in their privacy policy."

Websites that don't clearly spell out practices in their privacy policy would be given a warning and 30 days to come into compliance.

That doesn't mean that the bill isn't without some peril for websites that track consumer Web activity for advertising or other purposes.

"Many websites, mobile apps, ad networks and other online services will need to update their policies," Friel said. "Companies need to make sure privacy statements are accurate and if they are in self-regulatory programs, such as the Digital Advertising Alliance, make sure they are following those practices."

Because the law doesn't set any Do Not Track standards or practices, it leaves the consumer privacy debate wide open. But it does require websites to choose sides to either honor or ignore Do Not Track browser signals.

The World Wide Web Consortium's tracking protection working group has spent two years trying to reach some consensus for a Do Not Track browser standard. During that time, Microsoft and Mozilla forged ahead with Do Not Track browsers. Because those solutions were "on" by default, the Digital Advertising Alliance members have said they would not honor the browser Do Not Track signal.

Recommended articles