“I consider this law somewhat of a narrow issue and it’s very easy to comply with,” McCreary said. Most of McCreary’s clients have altered their privacy policies to say they’re not going to honor DNT requests, he said. “It doesn’t surprise me. You see that often from businesses when they don’t really know what to make of the new laws and what it could mean in the future.”
Halpert helped draft the law, representing privacy and security coalitions that included 21 major tech and media companies, he said. “The reason why we accepted that language was that one can comply with it by saying that third parties may collect information from our website,” Halpert said. “That is a disclosure that is prudent to make today anyway, given the class action [lawsuit] activity over third-party tracking.” But companies still “need guidance as to how to comply with” AB 370, Halpert added.
Much of that guidance will fall to the California attorney general’s office, lawyers said. In early December, the office held meetings to discuss questions about third-party disclosures, said Vedder Price lawyer Bruce Radke, who chairs the firm’s Records Management, eDiscovery and Data Privacy Group. “We’ve been told some best practices are going to come out in January of ,” Radke said. Halpert confirmed the late January timeline. California has been at the forefront of Internet privacy legislation in several areas, lawyers said. The state’s data breach notification laws, in effect since 2003, also were to expand Wednesday to include more types of information under the definition of “personal information,” Radke said. And in August, the Legislature passed a bill — signed into law in September — that limits what types of advertisements can be shown to minors online and mandating an “eraser button” for children who post content online (WID Aug 15 p3). The law takes effect in 2015. To help provide guidance on these and other privacy laws, the office launched a Privacy Enforcement and Protection Unit in 2012 within its eCrime division (http://oag.ca.gov/privacy).
As state officials and lawyers hash out the details, “the real concern is for those smaller web- sites not aware or unclear about the new requirements,” said Carl Szabo, policy counsel for e- commerce trade association NetChoice. He said the law leaves small businesses vulnerable to fines that they might not even be aware of. McCreary said even websites that are aware of the changes are concerned that it could hurt business. “From my clients’ perspective, it is not very pro- business,” he said. “It’s very valuable to see where someone came from or if they didn’t have a sale, where they then went” on the Web. The law could have an effect on a company’s ability to gather that information, McCreary said. — Cory Bennett (firstname.lastname@example.org)
“Reproduced by permission of Warren Communications News, Inc., 800-771-9202, www.warren-news.com.”