- How they will respond to a Web browser signal such as Do Not Track (DNT) or other mechanism that provides consumers with the ability to exercise choice, or
- Whether third parties collect data through the website or online service.
Who Does California AB 370 Apply To?
AB 370 applies to companies that collect personally identifiable information (PII) about individual California consumers’ online activity over time and across third party websites or online services, or allow other parties to do this.
The bill is currently awaiting the governor’s signature. If the governor does not veto it by October 13, 2013, AB 370 will become law on January 1, 2014. TRUSTe will update its program requirements later this year to reflect the requirements of the updated law.
Companies need to ensure that the disclosure made around how they will respond to a DNT or other preference signal is accurate. Companies will also need to understand their practices from a couple of different angles:
When assessing your company’s obligations under AB 370, remember that under CalOPPA, personally identifiable information is a defined term that includes identifiers that permit an individual’s physical or online contact.
In addition, remember that the California AG’s office has previously stated that CalOPPA, and thus the new AB 370, applies to mobile applications as well as traditional web sites.
In the coming months TRUSTe will notify clients of the updates to its certification program requirements, and work together with our clients to help them comply.
If you need help preparing to comply, a TRUSTe website scan can help identify the third parties collecting data through your website. Contact your Account Executive to learn more how TRUSTe can help.