Many companies operating commercial websites and online services will likely need to update their privacy policies soon to comply with new requirements in California. After passing the Assembly and the Senate in a series of unanimous votes, A.B. 370 is now before the Governor for signature, which is expected soon.
If signed, A.B. 370 will amend the California Online Privacy Protection Act to require companies to include information about how they respond to “do not track” signals, as well as other new information about their collection and use of personally identifiable information. Companies who collect personally identifiable information online will need to review and revise their privacy policies to ensure information is included about:
- What categories of personally identifiable information are collected;
- The third parties with whom that information may be shared;
- Whether there is a process and, if so, what the process is to review and request changes to personally identifiable information that is collected;
- How the company responds to “do not track” signals or other mechanisms that provide consumers the ability to exercise choice over the collection of personally identifiable information about their online activities over time and across third-party websites or online services, if the company collects such information; and
- Whether third parties may collect personally identifiable information about a consumer’s online activities over time and across different websites when a consumer uses the company’s website.