California’s website privacy law gets unusual enforcement tool
In a very unusual action and an effort to increase enforcement of privacy laws, the California Attorney General released an online form that California residents can use to notify the Attorney General’s Office of website and mobile app owners who are violating the California Online Privacy Protection Act (CalOPPA). This appears to be the first online instrument used to police the Internet for privacy violations.
A website or mobile app operator anywhere in the world that collects personal information such as an email address, name, phone number, physical address and other information about California residents is required to comply with the CalOPPA. Violating this law can subject website and mobile app owners to a civil fine of $2,500 per incident. For mobile app owners this fine could get extremely costly, as they can be fined for each copy of their mobile app that does not comply with the CalOPPA that is downloaded by California residents.
California’s reporting form creates an army of public compliance agents
A privacy law that was rarely enforced in the past now has a public army to help spot and report violations. So in minutes, a California resident can anonymously file a complaint with the California Attorney General’s Office against a company’s website or mobile app using the new online form at https://oag.ca.gov/privacy/caloppa/complaint-form.
The online report form lets people report these types of violations
Here is a shortened version of the CalOPPA requirements for website and mobile app owners:
* List the types of personally identifiable information the online operator collects about their users and the entities, persons and third-parties whom they share such information with.
* Have a procedure so users of their website or mobile app can review and request changes to their personal information that is collected and describe that procedure.
* Disclose how the online operator replies to a person’s web browser “do not track” signals about the collection of personal information over time and across third-party websites or other online services.
* Disclose if any other parties collect personal information concerning a person’s activities online and across other websites when a person uses the operator’s service or website.
They should also eliminate language in their policy that may increase their legal liability. Using cookie cutter or free privacy policies should be avoided, as they are usually poorly drafted and may contain language that could subject online operators to legal liability for deceptive trade practices by the state of California and the FTC.
Enforcing California Privacy Laws
More enforcement tools on the horizon for mobile apps