Editor’s note: John Yates chairs the Technology Group and Paul Arne is a Partner in the Technology Group of the law firm Morris, Manning & Martin.In 2003, California adopted several important laws related to the use of computer technology and the Internet. These laws may have an impact on every business in the U.S. that has a web site. Also, these Internet laws may be copied by other states and enacted across the country.
The Online Privacy Protection Act was signed by the Governor of California in October, 2003. It will go into effect on July 1, 2004. This legislation involves privacy policies on web sites and imposes some new strict standards.
Who regulates web privacy? Until now, privacy policies on the web have been regulated mostly by the Federal Trade Commission. The FTC has brought actions against companies when the privacy policies on their web sites have differed from their actual privacy practices. The argument is that using personal data differently from the privacy policies as disclosed is a form of unfair and deceptive trade practice.
What’s the scope of the Online Privacy Protection Act? The scope of the Online Privacy Protection Act is very broad. Note that neither the web server nor the company that created the web site have to be in California to be under the scope of the law. The web site only has to be accessed by California residents. Therefore, many web sites will be subject to the jurisdictional reach of the new law.
What does the California law require? The California law specifically requires that commercial web sites have conspicuously placed privacy policies — at least for those web sites that collect personally identifiable information from consumers who reside in California. Many web sites require personally identifiable information — data about an individual that would identify them as opposed to anonymous information from a user.
Any business with a web site should review the provisions of the Online Privacy Protection Act. Importantly, if you collect personally identifiable information from your visitors, you should implement steps to make sure that your privacy policies conform to this new law.
John Yates Chairs the Technology Group of the law firm Morris, Manning & Martin, LLP, which has offices in Atlanta, Charlotte and Washington, D.C. He can be reached at email@example.com and (404) 504-5444.
Paul Arne is a Partner in the Technology Group of the law firm Morris, Manning & Martin, LLP. His practice focuses on ecommerce and internet legal issues. He can be reached at firstname.lastname@example.org and (404) 504-7784.
This column is presented for educational and information purposes and is not intended to constitute legal advice.