CookieLaw Blog October 7, 2013

The World’s First Do Not Track Law

The state government of California has in the last few days enacted the first law anywhere in the world that recognises the Do Not Track setting now found in most browsers.

California law AB370 requires companies that collect data on Californian residents to declare in their privacy policy how they respond to the ‘do not track’ signal sent by some visitors browsers.

It also requires owners to make it clear if third parties are also using the site to track visitor behaviour or browsing history.

Although the US is often thought of as having fewer privacy protections for consumers compared to the EU, there is often much more enforcement of what protections are in place – because it is driven by court based litigation rather than fines from a regulator.  As a result the costs of non-compliance in the US are generally much higher than for EU companies.

The law is currently restricted to protecting Californians, but due to the size of that market, pretty much any online business in the US will need to comply.  Plus, where California leads on these issues, other states often follow.

AB370 doesn’t require sites to actually respond to a Do Not Track request, and the fact that it has come into force fairly quietly suggests many believe that it is relatively toothless in terms of effect real change in tracking technologies use.

It may nonetheless yet prove to be a significant first step.  It is unclear at this time exactly what websites are going to have to do to comply, but on the surface at least it suggests they are going to have to review both privacy policies, and get a handle on what kind of tracking is taking place on their websites.  This last sounds a lot like the Cookie Audits that EU based companies have gotten used to carrying out over the last couple of years.

Discussions on a universal standard for Do Not Track – what it means and how web services should respond, have been ongoing at the World Wide Web Consortium (W3C) for nearly two years now, with very little progress towards agreement on key definitions.  Opposing interests at the negotiating table have led many to the conclusion that agreement will never be reached by the consensus model adopted by the W3C.

This failure to agree has had the shadow of externally imposed legislation hanging over it for most of 2013.  That shadow has now taken solid form.

Recent Posts

January 13, 2017
Future of EU Cookie Compliance Webinar: ...

GDPR and now the proposed E-Privacy Regulation mean a stricter regime for cookie compliance, web governance and use of online tracking technologies. Join p...

View Article
Recent blog thumbnail
December 14, 2016
Draft EU ePrivacy Regulation Leaked...

A draft of the proposed legislation to replace the outdated EU ePrivacy Directive was leaked on the (PDF) website this week. The proposal is fo...

View Article
Recent blog thumbnail
November 3, 2016
GDPR Compliance Means Cookie Notices Mus...

Are you one of those people that ticked the cookie law box ages ago and not thought about it since? Well the game has changed and now is the time to re-vis...

View Article
Recent blog thumbnail
September 21, 2016
Optanon Acquired by OneTrust...

We are pleased to announce that Optanon, along with parent company Governor Technology, has been acquired by OneTrust....

View Article

Be in the Know

Subscribe to our newsletter

Onetrust All Rights Reserved