Jump to content

California Online Privacy Protection Act: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
Scope: YCPR source
Line 12: Line 12:


== Scope ==
== Scope ==
The act has a very broad scope, well beyond California's border. Neither the [[web server]] nor the company that created the website has to be in California to be under the scope of the law. The website only has to be accessible by California residents.<ref>John Yates and Paul Arne, ''[http://localtechwire.com/business/local_tech_wire/opinion/story/1156288/ Protecting Your Visitors: California's Online Privacy Protection Act Could Set Standards]'', LocalTechWire.com (Feb. 23, 2004).</ref>
The act has a very broad scope, well beyond California's border. Neither the [[web server]] nor the company that created the website has to be in California to be under the scope of the law. The website only has to be accessible by California residents.<ref>John Yates and Paul Arne, ''[http://localtechwire.com/business/local_tech_wire/opinion/story/1156288/ Protecting Your Visitors: California's Online Privacy Protection Act Could Set Standards]'', LocalTechWire.com (Feb. 23, 2004).</ref> Many American websites thus include a [[Boilerplate text|boilerplate]] dislcaimer, usually under the heading "Your California Privacy Rights" on their site's [[footer]] section by default for all-page access.<ref>{{cite news|url=https://termsfeed.com/blog/your-california-privacy-rights/|title=The “Your California Privacy Rights” clause|publisher=TermsFeed|accessdate=1 September 2018}}</ref>


== Consequences of non-compliance ==
== Consequences of non-compliance ==

Revision as of 22:53, 1 September 2018

The California Online Privacy Protection Act of 2003 (CalOPPA),[1] effective as of July 1, 2004 and amended in 2013, is the first state law in the United States requiring commercial websites and online services to include a privacy policy on their website. According to this California State Law, under the Business and Professions Code, Division 8 Special Business Regulations, Chapter 22 Internet Privacy Requirements,[2] operators of commercial websites that collect Personally Identifiable Information (PII) from California's residents are required to conspicuously post and comply with a privacy policy that meets specific requirements.[3] A website operator who fails to post their privacy policy within 30 days after being notified about noncompliance, will be deemed in violation. PII includes such information as name, street address, email address, telephone number, date of birth, Social Security number, or other details about a person that could allow a consumer to be contacted physically or online.

Requirements

According to the act, the operator of a website must post a distinctive and easily found link to the website's privacy policy, commonly listed under the heading "Your California Privacy Rights". The privacy policy must detail the kinds of information gathered by the website, how the information will or could be shared with other parties, and, if such a process exists, describe the process the user can use to review and make changes to their stored information. It also must include the policy's effective date and an update on any changes that take place since then.

The owner of a website can be subject to legal actions over CalOPPA within 30 days of being notified for not posting the privacy policy or not meeting the law's criteria. The owner could be faulted for their negligence, possibly even consciously, over their inability to comply with the act, which ultimately results in charges filed against them for this noncompliance.[4]

CalOPPA non-compliance violations may be reported to the California Attorney General's office https://oag.ca.gov/privacy/caloppa/complaint-form

Scope

The act has a very broad scope, well beyond California's border. Neither the web server nor the company that created the website has to be in California to be under the scope of the law. The website only has to be accessible by California residents.[5] Many American websites thus include a boilerplate dislcaimer, usually under the heading "Your California Privacy Rights" on their site's footer section by default for all-page access.[6]

Consequences of non-compliance

As it does not contain enforcement provisions of its own, CalOPPA is expected to be enforced through California's Unfair Competition Law (UCL),[7] which prohibits unlawful, unfair or fraudulent business acts or practices. UCL may be enforced for violations of OPPA by government officials seeking civil penalties or equitable relief, or by private parties seeking private claims.[8]

Non-compliance violations may be reported to the California Attorney General's office https://oag.ca.gov/privacy/caloppa/complaint-form

Compliance by Google

In May 2007, getting to Google's privacy policy required clicking on "About Google" on its home page, which brought up a page that included a link to its privacy policy. New York Times reporter Saul Hansell posted a blog entry[9] raising questions about Google's compliance with this act. A coalition of privacy groups also sent a letter[10] to Google's CEO, Eric Schmidt, questioning the absence of a privacy policy link on its home page. According to Electronic Privacy Information Center director Marc Rotenberg, a lawsuit challenging Google's privacy policy practices as a violation of California law was not filed in the hope that their informal complaints could be resolved through discussions.[11] Later, Google added a direct link to its privacy policy on its homepage.[12]

Proposed amendments

AB 370 Requires New Privacy Disclosures

Assembly Bill 370 (Muratsuchi) which was signed into law in 2013, amended CalOPPA requiring new privacy policy disclosures for websites and online services that track visitors, defined in the legislative analysis of the bill as "the monitoring of an individual across multiple websites to build a profile of behavior and interests."[13]

On February 6, 2013, Assembly Member Ed Chau had introduced AB 242, which would amend the act to impose additional requirements on privacy policies.[14] The amendments would require:

[P]rivacy polic[ies] to be no more than 100 words, be written in clear and concise language, be written at no greater than an 8th grade reading level, and to include a statement indicating whether the personally identifiable information may be sold or shared with others, and if so, how and with whom the information may be shared.[14]

AB 242 died in the Assembly Judiciary Committee.[15]

Amendment relating to Do Not Track signals

In 2013 the Act was amended to require additional disclosure items—including items relating to "do not track" signals—in privacy policies. See Cal. Assembly Bill 370, which became effective on January 1, 2014.

See also

References

  1. ^ The Online Privacy Protection Act of 2003, Cal. Bus. & Prof. Code §§ 22575-22579 (2004).
  2. ^ https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?division=8.&chapter=22.&lawCode=BPC
  3. ^ https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=BPC&sectionNum=22575.
  4. ^ Privacy Rights Clearinghouse, California's Online Privacy Protection Act Goes into Effect July 1: Requires Internet Merchants to Post a Privacy Policy (June 28, 2004).
  5. ^ John Yates and Paul Arne, Protecting Your Visitors: California's Online Privacy Protection Act Could Set Standards, LocalTechWire.com (Feb. 23, 2004).
  6. ^ "The "Your California Privacy Rights" clause". TermsFeed. Retrieved 1 September 2018.
  7. ^ Cal. Bus. & Prof. Code §§ 17200-17210.
  8. ^ Hunton & Williams LLP, New Requirements for Online Privacy Policies (June 2004).
  9. ^ Saul Hansell, Is Google Violating a California Privacy Law?, New York Times (May 30, 2008).
  10. ^ Letter to Dr. Eric Schmidt, CEO Google Inc. from Privacy Groups (June 3, 2008).
  11. ^ Anne Broache, Google attacked over privacy policy visibility, CNET News (June 3, 2008).
  12. ^ John Paczkowski, "Privacy" Counts as Half a Word if It's in an 8-Point Font, All Things DigJuly , 2008.
  13. ^ https://consumercal.org/about-cfc/cfc-education-foundation/california-online-privacy-protection-act-caloppa-3/
  14. ^ a b Assembly Bill 242.
  15. ^ Olsen. "AB 928 Assembly Bill - Bill Analysis". www.leginfo.ca.gov. Retrieved 2018-03-23.