By: Paul Fraidenburgh, Esq.
Web browsers, social networks, and other online services track consumer data to fine-tune the user experience and to facilitate targeted advertising. Those who have searched for an item online, only to find that item mysteriously displayed on other websites they later visit, have knowingly or unknowingly participated in the online tracking phenomenon.
In response to these virtually ubiquitous tracking practices, a number of web browsers and other online services have given consumers the option of activating a Do Not Track (“DNT”) mechanism as they navigate various web applications. The DNT mechanism sends a signal, typically transmitted in the form of an HTTP header, communicating the consumer’s election not to be tracked. However, the mere activation of a DNT signal does not require the operator of a website or service to suspend its tracking practices as to that individual. In fact, consumers have no control over a website operator’s decision to honor – or not to honor – a DNT signal.
On September 27, 2013, Governor Brown signed into law Assembly Bill No. 370, commonly known as the Do Not Track law. AB 370 amended the California Online Privacy Protection Act of 2003, Cal. Bus. & Prof. Code §§ 22575-22579 (“CalOPPA”), requiring certain websites and mobile apps to disclose how they respond to DNT signals. Additionally, the amended Section 22575 requires disclosure of whether third parties may collect personally identifiable information (“PII”) in connection with the consumer’s use of the website or online service. Thus, contrary to its nickname, AB 370 is not a law that prevents tracking, but rather a law regulating the transparency of websites and mobile apps in carrying out their tracking practices.
The new Section 22575 does not broaden the class of website operators within CalOPPA’s reach. Like the previous Section 22575, the new law applies only to operators of “commercial” websites or online services that collect PII about California residents who use or visit their website or online service. That means non-commercial website operators are not required to conform their practices to the new law.
Websites and mobile apps are now tasked with making privacy promises that mollify user concerns while avoiding representations that would increase the risk of enforcement actions for failing to uphold a promise to honor DNT signals. Thus, although it is clear that AB 370 increases transparency, it may have the unintended effect of diminishing the promises online companies are willing to make.
Paul Fraidenburgh is an Associate in Buchalter Nemer’s Litigation Practice Group in Orange County. He can be reached at (949) 224-6247 or [email protected].