Starting today, 1st of January 2014, operators from California need to update their Privacy Policies with the "Do Not Track" disclosure.
"Operators" means online companies, websites, mobile apps etc. Any kind of entity that collects and use personal information from users is an operator.
What is Do Not Track
"Do Not Track" - shorten as DNT - is a preference that users can set on their browser (if supported) to opt-out from online behavioral tracking done by various companies, such as Google AdWords or AdRoll.
These changes in the CalOPPA law require websites (but not only) to notify users how the website responds to the "Do Not Track" setting:
- The website responds to the DNT setting of a user's web browser
- Or the website doesn't follow to the DNT setting
Companies are only required to notify users if they follow the response of a user's Do Not Track setting. Companies are not required to actually follow the response, only to notify if they follow the setting or not.
Even if the company isn't registered in California, your website may have users from California. As a result, you'll need to comply with the CalOPPA law and update your Privacy Policy to include information about the Do Not Track setting.
Sample Do Not Track clause
You can comply with the recent changes in the law by adding a disclosure to your Privacy Policy that informs users if you respond or if you don't to the "Do Not Track" browser setting.
Current best practices by most online companies recommended that you don't respond to the DNT header until you're 100% sure that all third parties that your website is using, i.e. Google Analytics, will also respond in the same way.
Examples:
-
Your simple website is following the Do Not Track setting, but you use Google Analytics.Google Analytics in return doesn't follow the DNT setting.
Your disclosing of the Do Not Track in your Privacy Policy would be incorrect: even if you follow the response, Google Analytics, a third party that you're using on your website, isn't.
- If your website is following the Do Not Track setting, but your use of Google AdSense to show ads isn't following the setting.Your Privacy Policy will incorrectly inform users that you follow their web browser's setting.
The Privacy Policy Generator can generate this legal agreement with the "Do Not Track" clause added.
Example from Apple
Apple, Inc. is a California-based business. The company is subject to the changes from CalOPPA, including the requirement to post the Do Not Track disclosure.
Apple's Privacy Policy page was updated to comply with this requirement:
The text reads:
California Do Not Track Disclosure
Read about Apple’s compliance with California’s new privacy law.
Learn more
A separated page, titled "Apple's California Do Not Track Notice", informs users about this mandatory disclosure:
Apple does not track its customers over time and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals. However, some third party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, Safari allows you to set the DNT signal on your browser so that third parties (particularly advertisers) know you do not want to be tracked.
Apple provides a link to how to enable or disable the DNT for Safari browsers, in OS X Mountain Lion operating system: http://support.apple.com/kb/PH11952
Check status on DNT setting
The Do Not Track help page will show the status of your DNT setting:
The help page also has instructions on how to enable or disable the Do Not Track setting for multiple browsers:
- Chrome
- Firefox
- Safari
- Opera
- And Internet Explorer
Comprehensive compliance starts with a Privacy Policy.
Comply with the law with our agreements, policies, and consent banners. Everything is included.