Online Privacy Protection Act

From Wikipedia, the free encyclopedia
Jump to: navigation, search

The California Online Privacy Protection Act of 2003 (OPPA),[1] effective as of July 1, 2004, is a California State Law. According to this law, operators of commercial websites that collect Personally identifiable information from California's residents are required to conspicuously post and comply with a privacy policy that meets certain requirements.

Requirements of the act[edit]

According to the act, the operator of a website must post a distinctive and easily-found link to the website's privacy policy, commonly listed under the heading "Your California Privacy Rights". The privacy policy must detail the kinds of information gathered by the website, how the information may be shared with other parties, and, if such a process exists, describe the process the user can use to review and make changes to their stored information. It also must include the policy's effective date and a description of any changes since then.

The owner of a website can be subject to legal actions over OPPA within 30 days of being notified for not posting the privacy policy or not meeting the law's criteria. The owner could be faulted for his negligence, possibly even consciously, over his inability to comply with the act, which ultimately results to charges filed against him for this noncompliance.[2]

Consequences of non-compliance[edit]

As it does not contain enforcement provisions of its own, OPPA is expected to be enforced through California’s Unfair Competition Law (UCL),[3] which prohibits unlawful, unfair or fraudulent business acts or practices. UCL may be enforced for violations of OPPA by government officials seeking civil penalties or equitable relief, or by private parties seeking private claims.[4]

Compliance by Google[edit]

In May 2008, getting to Google's privacy policy required clicking on "About Google" on its home page, which brought up a page that included a link to its privacy policy. New York Times reporter Saul Hansell posted a blog entry[5] raising questions about Google's compliance with this act. A coalition of privacy groups also sent a letter[6] to Google's CEO, Eric Schmidt, questioning the absence of a privacy policy link on its home page. According to Electronic Privacy Information Center director Marc Rotenberg, a lawsuit challenging Google's privacy policy practices as a violation of California law was not filed in the hope that their informal complaints could be resolved through discussions.[7] Later, Google added a direct link to its privacy policy on its homepage.[8]

Scope[edit]

The act has a very broad scope, well beyond California’s border. Neither the web server nor the company that created the web site has to be in California to be under the scope of the law. The web site only has to be accessible by California residents.[9]

Proposed Amendment[edit]

On February 6, 2013, Assembly Member Ed Chau introduced AB 242, which would amend the act to impose additional requirements on privacy policies.[10] The amendments would require:

[P]rivacy polic[ies] to be no more than 100 words, be written in clear and concise language, be written at no greater than an 8th grade reading level, and to include a statement indicating whether the personally identifiable information may be sold or shared with others, and if so, how and with whom the information may be shared.[11]

See also[edit]

References[edit]