California Adds Privacy Guidelines for Websites
California wants websites to provide more information on how they use consumer data they gather.
A 28-page "Making Your Privacy Practices Public" document from Attorney General Kamala Harris on Wednesday suggests that sites update their privacy policies with information about how they respond to Do Not Track signals and how they use personally identifiable data. Though they're only guidelines, they reaffirm the state's continued mission to be at the forefront of privacy issues in the absence of a Do Not Track standard.
The guidelines call on sites to highlight the sections of their privacy policies that explain how they respond to Do Not Track signals. "Use a header, for example 'How We Respond to Do Not Track Signals,' 'Online Tracking' or 'California Do Not Track Disclosures," states the document.
Many websites currently link to self-regulatory websites that allow people to opt out of some tracking and ad targeting, including programs from Network Advertising Initiative and Digital Advertising Alliance.
The state also reiterated that sites should explain the types of personally-identifiable data they collect, how that data is used, how it's shared and how long it's stored. "At a minimum, list the different types or categories of companies with which you share customer personal information," the guidelines say.
"In general, I think privacy policies should be more specific about what companies do with personal information," Mr. Brookman said. "They can't reasonably be expected to provide detailed information about every possible use and data partner, but they can provide more -- and more understandable -- information than they do today."
"Something as silly as saying, 'Use a header' pre-supposes so many things about how consumers navigate through a document," he said, calling the state's guidance, "like a lot of shuffling through paper."
Still, Mr. Goldman noted that the guidelines, while voluntary, "are often a roadmap for where the regulator is going."