There are a myriad of new, and not-so-new, privacy and consumer protection laws that impose requirements on web site and mobile app operators. For instance, if you do business with California consumers, certain specific notices are required. The California Attorney General is stepping up enforcement of these laws, one of which is new and went into effect as of January 1, 2014. While bringing sites and apps into compliance with these additional requirements, publishers should undertake a broader compliance check-up.
Companies should be sure that they are in compliance with the following notice posting requirements for online services if they engage in transactions with, or otherwise directing the service to, California residents, even if they are not physically located in California:
- if it allows other parties to use tracking technologies in connection with the site or service to collect certain user data over time and across sites and services (e.g., vendors and ad networks); and
- as to how it responds to browser “do not track” signals or other mechanisms designed to give consumers choice as to the collection of certain of their data over time and across sites and services
- The California Shine the Light Act requires that companies (excepting certain entities such as non-profits and businesses with less than 20 employees) collecting broadly defined personal information from California consumers on or offline either: (a) give consumers choias to the sharing of that information with third parties (including affiliates) for their direct marketing purposes; or (b) provide notice of, and maintain, a method by which consumers can annually obtain information on the categories of information disclosed the names and addresses of the recipients of that data, and a description of the recipients’ business. Specific notices and homepage links are dictated by the CA Shine the Light Act, and failure to comply has already resulted in several class action lawsuits seeking statutory damages available under the Act.
- The California Transparency in Supply Chains Act of 2010 (the “Supply Chain Act”) is a little know law that requires retail sellers and manufacturers doing business in California that have $100 million or more in worldwide gross revenue to provide specified details of their efforts (if any) to eradicate slavery and human trafficking from their supply chain. For more information click here.
- If an e-commerce service offers tangible goods or services, or vouchers for them, to California consumers, it must give certain notices to consumers, including how they can file a complaint with the CA Department of Consumer Affairs.
California consumer protection law continues to evolve. As of January 1, 2014, California’s data breach notification law has been expanded to include online account credentials (e.g., username and password or security question). In addition, commencing January 1, 2015, a recently enacted California law will require online services with user-posted content to give minors the ability to have their previously posted content removed from public view. This law will also restrict the advertising of certain age-restricted products and services to minors. More on these and other recent California consumer protection laws is available here. Further legislation is currently being considered. For instance, there is a bill in the California legislature, known as the Right to Know Act that would give California consumers the right to demand from companies details on information a company maintains about them. We will be monitoring this and other potential consumer protection legislation that may be enacted in 2014.
Edwards Wildman’s Advertising, Marketing and Promotions, Digital Media and e-Commerce, and Privacy and Data Security work together to assist advertisers, brick-and-mortar and e-commerce retailers, web site, mobile app and online service operators and others maintain appropriate compliance programs. For more information on how to build and maintain a data privacy and security compliance program, click here or contact one of the authors.