Did you know that there is a friend zone for the collectors of private information online? It’s called Do Not Track (“DNT”). The California Online Privacy Protection Act of 2003 (“CalOPPA”) requires you to notify your users as to how you respond to DNT signals. Furthermore, CalOPPA also requires you to disclose whether other parties may collect personally identifiable information about an individual’s online activities over time and across different websites.
What is Do Not Track (DNT)?
DNT is a header that indicates that you do not want to be tracked. Every time your computer sends and receives information online, the request begins with a header. Therefore, DNT is the first line of defense that tells other websites that you do not want them to track you. Here is a helpful flow that illustrates what happens when a website that honors DNT meets a browser where DNT is turned on:
What must you disclose?
First, regarding DNT, CalOPPA does not require you to respond to these signals in a particular way, only that you notify your users of the way in which you respond. If you are unsure as to how you respond to DNT, it is recommended to state that you do not respond to it. Second, you must disclose what third parties, if any, are collecting information about your visitors on your website. For example, you must disclose whether Google AdWords is collecting information about your visitors.
This requirement applies regardless of where you or your website is based. CalOPPA applies to all websites and applications that may have visitors or users from California. Therefore, this statute applies to you regardless of whether you are in Illinois or California.
Protect yo self,