California Adds Privacy Guidelines for Websites

State Continues to Bang the Privacy Drum

By Published on .

California Attorney General Kamala Harris
California Attorney General Kamala Harris

California wants websites to provide more information on how they use consumer data they gather.

A 28-page "Making Your Privacy Practices Public" document from Attorney General Kamala Harris on Wednesday suggests that sites update their privacy policies with information about how they respond to Do Not Track signals and how they use personally identifiable data. Though they're only guidelines, they reaffirm the state's continued mission to be at the forefront of privacy issues in the absence of a Do Not Track standard.

The guidelines call on sites to highlight the sections of their privacy policies that explain how they respond to Do Not Track signals. "Use a header, for example 'How We Respond to Do Not Track Signals,' 'Online Tracking' or 'California Do Not Track Disclosures," states the document.

"I agree with the Attorney General that providing language in the privacy policy about how Do Not Track requests are treated is better than just linking to some self-regulatory regime," said Justin Brookman, director of Center for Democracy and Technology's project on consumer privacy.

Many websites currently link to self-regulatory websites that allow people to opt out of some tracking and ad targeting, including programs from Network Advertising Initiative and Digital Advertising Alliance.

The state also reiterated that sites should explain the types of personally-identifiable data they collect, how that data is used, how it's shared and how long it's stored. "At a minimum, list the different types or categories of companies with which you share customer personal information," the guidelines say.

"In general, I think privacy policies should be more specific about what companies do with personal information," Mr. Brookman said. "They can't reasonably be expected to provide detailed information about every possible use and data partner, but they can provide more -- and more understandable -- information than they do today."

Some were less than thrilled with the new guidance. Eric Goldman, an internet and advertising law professor at Santa Clara University School of Law called the document "too painful" to read in its entirety, and suggested that adding a header to a privacy policy does not constitute strong guidance from the state.

"Something as silly as saying, 'Use a header' pre-supposes so many things about how consumers navigate through a document," he said, calling the state's guidance, "like a lot of shuffling through paper."

Still, Mr. Goldman noted that the guidelines, while voluntary, "are often a roadmap for where the regulator is going."

Most Popular