California Legislation Requiring Disclosure of "Do Not Track" Practices Heads to Governor's Desk
By Drew Wisniewski and Jennifer Archie
On September 3, 2013, California Assembly Bill 370 (“A.B. 370”), an amendment to the California Online Privacy Protection Act (“CalOPPA”), was enrolled and sent to Governor Jerry Brown for his signature. A.B. 370, which was sponsored by Attorney General Kamala Harris, requires an operator of a Web site or online service that collects “personally identifiable information” to disclose how it responds to “do not track” signals. Under the California Constitution, the Governor has 12 days following presentment to veto or sign the bill before it automatically becomes law.
In August, A.B. 370 passed the Senate and Assembly with unanimous support. The amendment was introduced by Assembly Member Al Muratsuchi, a Democrat, and was sponsored by Attorney General Harris, who has been aggressively pursuing new privacy laws and enforcement actions after announcing the creation of the Privacy Enforcement and Protection Unit in the Department of Justice last year. The unit focus on protecting consumer and individual privacy through prosecution of state and federal privacy laws. In addition to the Attorney General, the amendment was supported by the California Public Interest Research Group, Consumer Watchdog, and Microsoft Corporation. Some privacy advocacy groups, such as Consumer Watchdog, pointed out that this is only a disclosure requirement and not a Do Not Track requirement.
A.B. 370 was sent to the Governor along with another privacy bill, Senate Bill 568 (“S.B. 568”). S.B. 568 unanimously passed the Senate and House and if signed, would take effect on January 1, 2015. It would require an operator of a Web site, online service, online application, or mobile application to permit a minor to remove, or to request and obtain removal of, content or information posted online. The bill would require that the operator provide notice to a minor that the minor may remove the content or information. Additionally, the bill would prohibit the operator of any Web site, online service, online application, or mobile application from marketing or advertising products or services to a minor that a minor cannot legally purchase, and collecting a minor’s information.