Earlier this year, a new do-not-track law went into effect in California (AB370) that requires some website owners (including brand websites) to disclose how they handle web and mobile do not track requests and to clearly explain how third parties are allowed to collect tracking and behavioral data “over time” and “across different web sites”.
The focus on do-not-track laws and guidelines has been increasing for years, and the new California law is just one more step to protect personally identifiable information that websites collect and share on a daily basis. While it doesn’t technically force companies from adhering to a person’s do-no-track requests, it does require websites to openly communicate how they respond to do-no-track requests and how they ensure data is only collected by approved third parties.
The challenge for brand marketers is effectively monitoring compliance across the intricate web (no pun intended) of companies collecting data. For example, brand marketers will need to ensure that the online advertising companies they work with are adhering to the new California law. Procedures will need to be put in place to monitor companies that collect names, addresses, phone numbers, email addresses, social security numbers, and other personally identifiable information that could be used to contact people directly. This is in addition to securing personally identifiable information to ensure it is protected from theft.
According to the new law, which is actually an amendment of the California Online Privacy Protection Act, brands with an online service (i.e., a website) must disclose:
- The type of personally identifiable information collected
- The types of third-parties that the website owner might share that personally identifiable information with
- The process that the website owner follows for a person to review and request changes to the collected information
- The process that the website owner follows to notify individuals of material changes to its privacy policy
- The effective date of the privacy statement
- The process used by the website owner to respond to a browser’s do-not-track signal about the collection of information about online activities over time and across third party online services
- Whether third parties collect information about online activities over time and across different online services
How is your company handling do-not-track laws and guidelines for your brand? Leave a comment below and share your thoughts.
Image: Martyn E. Jones
Lucy is Editor at Corporate Eye
