In the wake of numerous high-profile breaches of user privacy and complaints about sites that track the online activity of users, California Attorney General Kamala Harris has released a 28-page set of recommendations for how website operators communicate about their privacy, information collection and data-sharing practices.
While not carrying the force of law, the guidelines spelled out in Making Your Privacy Protections Public are recommended best practices that expand on California’s Online Privacy Protection Act of 2003 (CalOPPA). That Act was amended in 2013 specifically to address the issue of online tracking, which enables websites to personalize user experience, deliver targeted advertising, and make other uses of the data.
The policies are intended to reform the common practice among website operators to post lengthy privacy policies that “often fail to address data-handling practices of concern to consumers or offer them meaningful choices about the collection and use of their data.”
Here are highlights of the recommendations:
The recommendations also note that “personally identifiable information” includes passively collected information, like device identifiers and geo-location data.
In addition to the guidelines, the document also includes Sections 22575-22579 of California’s Business and Professions Code, which specifically address the obligations of website operators to protect the privacy of user data.