California has passed a bill that amends the existing California Online Privacy Protection Act (“CalOPPA”) to require that websites collecting personally identifiable information (“PII”) about California residents be transparent in how they respond to web browser “do not track” (“DNT”) signals.
- the categories of PII collected by the site,
- the categories of third parties with whom such information is shared,
- the process (if any) that the site operator uses for an individual to request changes to any PII collected through the site,
- the effective date of the policy, and
- how users are notified about changes to the policy.
The major web browsers offer DNT browser headers that give consumers the choice to elect not to be tracked across websites for purposes such as online behavioral advertising. The amendment to CalOPPA does not require that websites comply with the web browser DNT signals. Rather, websites are free to ignore such signals so long as they are transparent about it to their users in their online privacy policies.