Online Privacy Protection Act
Requirements of the act
Consequences of non-compliance
As it does not contain enforcement provisions of its own, OPPA is expected to be enforced through California’s Unfair Competition Law (UCL), which prohibits unlawful, unfair or fraudulent business acts or practices. UCL may be enforced for violations of OPPA by government officials seeking civil penalties or equitable relief, or by private parties seeking private claims.
Compliance by Google
The act has a very broad scope, well beyond California’s border. Neither the web server nor the company that created the web site has to be in California to be under the scope of the law. The web site only has to be accessible by California residents.
On February 6, 2013, Assembly Member Ed Chau introduced AB 242, which would amend the act to impose additional requirements on privacy policies. The amendments would require:
- [P]rivacy polic[ies] to be no more than 100 words, be written in clear and concise language, be written at no greater than an 8th grade reading level, and to include a statement indicating whether the personally identifiable information may be sold or shared with others, and if so, how and with whom the information may be shared.
This bill died in the Assembly Judiciary Committee.
Amendment Relating to Do Not Track Signals
In 2013 the Act was amended to require additional disclosure items—including items relating to "do not track" signals—in privacy policies. See Cal. A.B. 370, which became effective on January 1, 2014.
- The Online Privacy Protection Act of 2003, Cal. Bus. & Prof. Code §§ 22575-22579 (2004).
- Cal. Bus. & Prof. Code §§ 17200-17210.
- Hunton & Williams LLP, New Requirements for Online Privacy Policies (June 2004).
- Saul Hansell, Is Google Violating a California Privacy Law?, New York Times (May 30, 2008).
- Letter to Dr. Eric Schmidt, CEO Google Inc. from Privacy Groups (June 3, 2008).
- John Paczkowski, "Privacy" Counts as Half a Word if It's in an 8-Point Font, All Things Digital (July 7, 2008).
- John Yates and Paul Arne, Protecting Your Visitors: California's Online Privacy Protection Act Could Set Standards, LocalTechWire.com (Feb. 23, 2004).
- Assembly Bill 242.