As of January 1, 2014, California law requires operators of websites and online services to publicly disclose how they respond to “do not track” (dnt) signals, though the exact requirements vary depending on whether an entity is a first party (e.g., web publisher) or third party (e.g., ad network). The new law will not require companies to honor dnt signals.
Operators of websites and online services should be prepared to update their privacy policies.
Amended Law – New Disclosure Requirements
Who is covered
Third Party Disclosure Obligations
AB 370 appears to require third parties to either disclose: (1) how it responds to web browser dnt signals or (2) other mechanisms that provide consumers the ability to exercise choice regarding PII collection. In cases where the third party links to an “other mechanism,” the law does not require third parties to affirmatively state that they do not respond to dnt signals. If that is the case, third parties may still elect to make such disclosures as a defense to potential frivolous assertions that such entities have not disclosed how they respond to dnt signals.
First Party Disclosure Obligations
AB 370 took effect on January 1, 2014. Online operators have 30 days to comply after being notified of noncompliance.
Venable attorneys are available to help evaluate whether your disclosures with respect to your online data practices comply with AB 370.