California law soon may require commercial websites that collect personal data to disclose how they respond to “Do Not Track” signals from Web browsers. AB 370, an amendment to the California Online Privacy Protection Act (Act), which was sponsored by Attorney General Kamala Harris, passed the California Senate and Assembly at the end of August. Governor Jerry Brown is expected to sign the amendment soon.
The bill does not prohibit tracking but instead requires a website operator to disclose its tracking practices in the privacy policy posted on the website. Under the Act, if a website fails to clearly set forth its disclosure practice in its privacy policy, it will be given a warning and 30 days to come into compliance.
If signed into law, many businesses will need to update the privacy policies for the websites they operate to address their tracking policies. Specifically, although the bill does not set a standard for how a website must respond to Do Not Track browser signals, it would require websites to elect whether to honor or ignore those Do Not Track browser signals. Of course, this also would be a good opportunity to revisit website policies to ensure they accurately reflect company operations concerning the handling of personal information captured from the site.