Each year, companies should take stock of changes in the law that may affect their business. One change companies with mobile application offerings or an online commercial presence should be aware of is an amendment to the California Online Privacy Protection Act (CalOPPA). Don’t let the name fool you, CalOPPA applies far beyond the state of California – it applies to any site that collects personally identifiable information about consumers living in California, and has been interpreted to apply to mobile applications as well.
CalOPPA already requires privacy policies to describe the following things:
- what personally identifiable information is collected about users through the site or service,
- what third parties are given access to the information that is collected,
- how consumers may review or make changes to the data collected about them, if a procedure exists, and
- how changes to the policy will be notified to consumers, and the current policy effective date.
The amendments to the law, which took effect January 1, now require two further disclosures: companies that collect personally identifiable information about a consumer and track that consumer’s online activities over time and across third-party websites or services must disclose how they respond to web browser “do not track” signals, and companies that allow this type of tracking on their site by third parties must disclose this information.