Did you know that there is a friend zone for the collectors of private information online? It’s called Do Not Track (“DNT”). The California Online Privacy Protection Act of 2003 (“CalOPPA”) requires you to notify your users as to how you respond to DNT signals. Furthermore, CalOPPA also requires you to disclose whether other parties may collect personally identifiable information about an individual’s online activities over time and across different websites.
What is Do Not Track (DNT)?
DNT is a header that indicates that you do not want to be tracked. Every time your computer sends and receives information online, the request begins with a header. Therefore, DNT is the first line of defense that tells other websites that you do not want them to track you. Here is a helpful flow that illustrates what happens when a website that honors DNT meets a browser where DNT is turned on:
What must you disclose?
First, regarding DNT, CalOPPA does not require you to respond to these signals in a particular way, only that you notify your users of the way in which you respond. If you are unsure as to how you respond to DNT, it is recommended to state that you do not respond to it. Second, you must disclose what third parties, if any, are collecting information about your visitors on your website. For example, you must disclose whether Google AdWords is collecting information about your visitors.
This requirement applies regardless of where you or your website is based. CalOPPA applies to all websites and applications that collect the Personally Identifiable Information (PII) of residents of California. Therefore, this statute applies to you regardless of whether you are in Illinois or California.
What’s the difference between DNT and Cookie Consents?
While DNT is a great first line of defense, it isn’t very effective on it’s own — primarily because website’s are not typically required by privacy laws to abide by DNT. That’s why it’s still important to also provide a Cookie Consent on your website.
Cookie consent is giving website users the ability to consent, reject, and specify what cookies and trackers a website can activate to process their PII. Several privacy laws require user consent prior to enabling cookies that are not essential to the operation of the website, if they collect users’ personal information such as IP addresses. This consent usually takes place via a popup that appears when a person enters the website.
Protect yo self,
Team Termageddon