Online Privacy Protection Act
The act has a very broad scope, well beyond California's border. Neither the web server nor the company that created the website has to be in California to be under the scope of the law. The website only has to be accessible by California residents. Many American websites thus include a boilerplate disclaimer, usually under the titled hyperlink of "Your California Privacy Rights", on their site's footer section by default for all-page access.
Consequences of non-compliance
As it does not contain enforcement provisions of its own, CalOPPA is expected to be enforced through California's Unfair Competition Law (UCL), which prohibits unlawful, unfair, or fraudulent business acts or practices. UCL may be enforced for violations of CalOPPA by government officials seeking civil penalties or equitable relief, or by private parties seeking private claims.
Non-compliance violations may be reported to the California Attorney General's office website.
Compliance by Google
AB 370 Requires New Privacy Disclosures
On February 6, 2013, Assembly Member Ed Chau had introduced AB 242, which would amend the act to impose additional requirements on privacy policies. The amendments would require:
- [P]rivacy polic[ies] to be no more than 100 words, be written in clear and concise language, be written at no greater than an 8th-grade reading level, and to include a statement indicating whether the personally identifiable information may be sold or shared with others, and if so, how and with whom the information may be shared.
AB 242 died in the Assembly Judiciary Committee.
Amendment relating to Do Not Track signals
In 2013 the Act was amended to require additional disclosure items in privacy policies. It required privacy policies to either either contain an disclosure, or link to a disclosure on a separate page, detailing how websites responded to the Do Not Track header and "other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party Web sites or online services", if websites tracked the personally identifiable information of users. It also required privacy policies to disclose if websites allowed third-parties to engage in cross-site tracking of their users. See Cal. Assembly Bill 370, which became effective on January 1, 2014.
- California Attorney General's Office - privacy laws https://oag.ca.gov/privacy/privacy-laws
- California Legislative Information - Code Sections https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?division=8.&chapter=22.&lawCode=BPC
- Child Online Protection Act (COPA)
- Children's Online Privacy Protection Act (COPPA)
- California Senate Bill 1386 (2002)
- Consumer Federation of California https://consumercal.org/about-cfc/cfc-education-foundation/california-online-privacy-protection-act-caloppa-3/
- The Online Privacy Protection Act of 2003, Cal. Bus. & Prof. Code §§ 22575-22579 (2004).
- John Yates and Paul Arne, Protecting Your Visitors: California's Online Privacy Protection Act Could Set Standards, LocalTechWire.com (Feb. 23, 2004).
- "The "Your California Privacy Rights" clause". TermsFeed. Retrieved 1 September 2018.
- Cal. Bus. & Prof. Code §§ 17200-17210.
- Hunton & Williams LLP, New Requirements for Online Privacy Policies (June 2004).
- Saul Hansell, Is Google Violating a California Privacy Law?, New York Times (May 30, 2008).
- Letter to Dr. Eric Schmidt, CEO Google Inc. from Privacy Groups (June 3, 2008).
- John Paczkowski, "Privacy" Counts as Half a Word if It's in an 8-Point Font, All Things DigJuly, 2008.
- Assembly Bill 242.
- Olsen. "AB 928 Assembly Bill - Bill Analysis". www.leginfo.ca.gov. Retrieved 2018-03-23.