Legal Alerts View All Current >

August 30, 2018
August 17, 2018
August 3, 2018
July 23, 2018
July 10, 2018
June 21, 2018
April 27, 2018
April 13, 2018
April 2, 2018
March 16, 2018
March 2, 2018
February 15, 2018
February 2, 2018
January 19, 2018
January 5, 2018
December 14, 2017
December 1, 2017
November 9, 2017
October 26, 2017
October 12, 2017
September 28, 2017
September 14, 2017
September 1, 2017
August 18, 2017
August 3, 2017
July 21, 2017
June 16, 2017
April 20, 2017
April 7, 2017
March 24, 2017
March 10, 2017
February 24, 2017
February 9, 2017
January 26, 2017
January 12, 2017
December 30, 2016
December 16, 2016
December 1, 2016
November 10, 2016
October 27, 2016
October 13, 2016
September 29, 2016
September 15, 2016
September 1, 2016
August 22, 2016
August 4, 2016
July 21, 2016
June 24, 2016
April 28, 2016
April 14, 2016
April 1, 2016
March 17, 2016
March 4, 2016
February 18, 2016
February 4, 2016
January 21, 2016
January 7, 2016
December 17, 2015
December 4, 2015
Novmber 19, 2015
November 9, 2015
October 22, 2015
October 8, 2015
September 24, 2015
September 11, 2015
August 25, 2015
August 6, 2015
July 23, 2015
June 29, 2015
June 15, 2015
April 30, 2015
April 16, 2015
April 2, 2015
March 19, 2015
March 6, 2015
February 20, 2015
February 5, 2015
January 23, 2015
January 8, 2015
December 18, 2014
December 4, 2014
December 4, 2014
November 21, 2014
November 6, 2014
October 23, 2014
October 9, 2014
September 25, 2014
September 12, 2014
August 28, 2014
August 14, 2014
July 31, 2014
July 17, 2014
June 19, 2014
May 27, 2014

California Attorney General Kamala Harris recently released guidance, Making Your Privacy Practice Public, to help companies comply with the California Online Privacy Protection Act's (CalOPPA) "Do Not Track" (DNT) disclosure requirements which took effect on January 1, 2014. CalOPPA requires online privacy policies to disclose whether the company tracks and collects personally identifiable information (PII) (which includes names, contact information, unique identifiers, and passively collected information such as device identifiers and geolocation data) about California residents' online activities over time and across third-party websites or services, including via mobile apps, and whether or not the company recognizes DNT mechanisms that have been designed to prevent such tracking.

If a company does engage in such online tracking, then the online privacy policy must either describe how the company responds to a DNT signal, or provide consumers with a clear and conspicuous link to a DNT mechanism to which the company will respond. The law does not prohibit online consumer tracking, but rather seeks to provide consumers with greater transparency through the additional disclosures.

The guidance expresses a preference for companies to utilize the first option to describe their DNT policies to consumers, as it promotes greater transparency than simply providing consumers with a link to a DNT mechanism. When describing if and how a website responds to DNT signals, the privacy policy should:

  • State whether consumers who use DNT mechanisms are treated differently than consumers who do not, and how the treatment is different (e.g., "Your experience may be degraded . . . ")
  • Disclose whether PII is collected when a DNT signal is received
  • Describe how that information is used if PII is collected when a DNT signal is present

In addition to describing a company's own DNT privacy policies, CalOPPA also requires companies to disclose whether third parties, such as advertising networks that track consumers over time and across websites, are present on the company’s website or service. The guidance poses useful questions to determine whether third-party trackers present on a company's website are authorized to be there and adhere to the company's DNT policy.

The Attorney General's Privacy Enforcement and Protection Unit will begin reviewing companies' privacy policies for compliance and work with companies to help them comply with the DNT disclosure requirements. Companies found to be in noncompliance will have 30 days to comply with CalOPPA before being subject to an enforcement action. Failure to comply with CalOPPA can result in civil penalties of up to $2,500 per violation.

Companies should remember that even if they are not physically present in California, CalOPPA applies if the company collects PII from California residents. In addition, although this alert focuses on the required DNT disclosures, the Attorney General’s guidance offers additional recommendations regarding online privacy policies.

Ballard Spahr attorneys regularly advise financial institutions and other companies providing financial services online on compliance with consumer financial services laws, as well as related data security and privacy laws. Our attorneys regularly conduct website and mobile app audits to help clients ensure that they know what third parties are present on their sites and whether the practices of those parties are consistent with their privacy policies.

The firm's Consumer Financial Services Group is nationally recognized for its guidance in structuring and documenting new consumer financial services products as well as its experience with the full range of federal and state consumer credit laws. Members of the Group who are also part of the Privacy and Data Security Group focus on financial privacy by design—evaluating new and existing products and services and communications channels to ensure that financial institutions are meeting their privacy and data security obligations.

If you have questions about the DNT disclosures or wish to receive information about any of the other privacy policy recommendations, please contact CFS Practice Leader Alan S. Kaplinsky at 215.864.8544 or kaplinsky@ballardspahr.com.


Copyright © 2014 by Ballard Spahr LLP.
www.ballardspahr.com
(No claim to original U.S. government material.)

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, including electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the author and publisher.

This alert is a periodic publication of Ballard Spahr LLP and is intended to notify recipients of new developments in the law. It should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own attorney concerning your situation and specific legal questions you have.

 

 

April 24, 2014
April 10, 2014
March 27, 2014
March 13, 2014
February 27, 2014
February 14, 2014
January 30, 2014
January 17, 2014
January 3, 2014
December 19, 2013
December 5, 2013
November 22, 2013
November 7, 2013
October 24, 2013
October 8, 2013
September 19, 2013
September 5, 2013
August 22, 2013
August 8, 2013
July 26, 2013
July 11, 2013
June 28, 2013
June 14, 2013
April 22, 2013
April 4, 2013
March 21, 2013
March 8, 2013
February 21, 2013
February 6, 2013
January 24, 2013
January 10, 2013
December 14, 2012
November 30, 2012
November 15, 2012
November 2, 2012
October 18, 2012
October 4, 2012
September 21, 2012
September 6, 2012
August 23, 2012
August 9, 2012
July 26, 2012
July 11, 2012
June 21, 2012
April 26, 2012
April 12, 2012
March 29, 2012
March 15, 2012
March 1, 2012
February 16, 2012
February 2, 2012
January 12, 2012