Website privacy policies are a ubiquitous fact of web life, intended to allow users to easily understand the personal information being collected by a website and how that site uses and shares that information. Over time, however, privacy policies have gotten longer, denser and exceedingly complex—a seeming embodiment of the "Go Big or Go Home" ethos. Consequently, privacy policies have become less useful, and few consumers understand or even try to read them. However, with the publication earlier this year of Making Your Privacy Practices Public (the Guide), the Attorney General of California (CAG) tackled this issue head-on, seeking to reverse the trend and make privacy policies more meaningful.
The State of California has long been the leader in promoting privacy on the Web. With the California Online Privacy Protection Act of 2003 (CalOPPA), California was the first state to require websites to post privacy policies, and later confirmed that this obligation applied to mobile sites as well. The CAG formed a Privacy Enforcement and Protection Unit to educate consumers, provide guidance to businesses and enforce both federal and state privacy laws. Most recently, the California Legislature passed AB 370, which amended CalOPPA to require disclosures regarding online tracking. While, on their face, the privacy laws of California apply only to companies collecting personally identifiable information of California residents, the CAG's aggressive focus on privacy, coupled with, as the Guide notes, California's "economic importance and the borderless world of online commerce," makes California law required reading for all website operators.
Please see full publication below for more information.