Under CalOPPA, website operators were already required, among other things, to conspicuously post a privacy policy that describes the categories of personally identifiable information the website or mobile application operator collects, and with whom the information is shared. As amended by Assembly Bill 370, website and mobile application operators are now required to disclose to users how the site responds to so-called “Do Not Track” mechanisms, which are typically small pieces of code – similar to cookies – that signal to websites or mobile applications that the user does not want the website operator to track his or her visit to the site, including through analytics tools, advertising networks and other types of data collection and tracking practices.I think that the idea behind the amendment is interesting. Internet users are gradually beginning to learn about just how much information that websites collect from them, and technology to block cookies and other tracking software is becoming more widespread. But many users are not aware that websites may have cookies that can regenerate or resist cookie blockers in other ways -- and this law would at least require websites to tell users that the website is engaging in these practices.
At the same time, I am not sure if this amendment will make much of a difference. It is not immediately clear to me what it means to "conspicuously post" a privacy policy. Howell and Sanborn recommend that website operators add the provisions required by AB 370 to their existing privacy policies. While most web pages have links to these policies somewhere on the page, users are rarely aware of the contents of these policies.
No comments:
Post a Comment