On February 6, 2013, California Assembly Member Ed Chau introduced legislation that would require commercial websites or online services that collect personally identifiable information to make their privacy policies easier to read. Two ways the bill hopes to achieve this goal is by mandating that the privacy policies be 100 words maximum and written at no greater than an 8th grade reading level. The bill sponsors hope that this will prevent companies from putting legalese into their privacy policies.
AB 319: Websites and online services-Minors
AB 319, introduced by Assembly Member Nora Campos on February 12, 2013, will require website and online service operators that have actual knowledge that they are collecting personal information from minors to provide notice on the website of what information they are collecting from minors and how the operator uses the information. The bill will also require the website operator to provide specific information to the parent of a minor that has provided the personal information to the website and to give the parent an opportunity to refuse to permit the operator’s further use or future collection of personal information from the minor. Essentially, the bill would make it so that any website that collects any information about anyone under the age of 18 would be required under California law to reveal that personal information to parents if requested.
AB 370: Online Tracking Transparency
AB 370 would require website operators to have privacy policies that disclose whether or not they are honoring a consumer’s requests to disable online tracking of the individual consumer who uses or visits the commercial website or online service. The bill would also require website operators to disclose whether they have prevented or allowed third parties to use online tracking.
AB 1291: Information-sharing disclosures: “Shine the light”
If passed, AB 1291, also known as The Right to Know Act of 2013 would let consumers find out who has their personal data, and would also allow consumers to get a copy of it. More specifically, AB 1219 would require a company to give users access to the personal data that the company has stored on them when a user requests it within 30 days of the request. The bill would also mandate a company to disclose a list of all third parties with whom it has shared the consumer’s data during the previous 12 months, the contact information of such third parties, and the types of personal information that was shared. The law would cover California residents and would apply to both brick and mortar and online companies. If a company does not comply with the requirements, AB 1291 grants California residents the right to file a civil lawsuit to force compliance.
The Right to Know Act hopes to increase transparency by allowing users to track the flow of their data from online interactions. The bill was written to ensure that California companies of all sizes will be able to tell Californians how they are collecting and sharing a consumer’s personal data.
SB 383: Online Purchases: Personal Information
Senator Hannah-Beth Jackson proposed SB 383 to protect consumers’ privacy when using a credit card on e-commerce websites. The bill would not only require online merchants to destroy all collected user-data once it is no longer needed, but it would also prohibit a merchant from asking for any information other than what’s essential to combat fraud or identity theft, such a consumer’s ZIP code.
While it is unclear which of these bills, if any, will be passed this year, the introduction of these bills indicates that California lawmakers are taking steps to protect the privacy of California consumers. If you have any questions about how the proposed legislation discussed above will impact your California business, our Northern California business law attorneys can help. You can contact one of our lawyers using our online contact form, or by calling us at 925-463-1073.
Privacy Legislation Pending in 2013, State of California Department of Justice, Office of the Attorney General