If you operate your business from California or have a customer base in California, you're required to comply with the California Online Privacy Protection Act (CalOPPA), which requires websites to notify users how that website responds to "Do Not Track" settings.
This article will look at this requirement and what you need to do to comply with it today.
At Step 1, select the Website option or App option or both.
Answer some questions about your website or app.
Answer some questions about your business.
What is Do Not Track
"Do Not Track" - shortened as DNT - is a preference that users can set on their browsers (if supported) to opt out of online behavioral tracking done by various companies, such as Google AdWords.
The DNT requirements come from the California Online Privacy Protection Act (CalOPPA), which requires websites to notify users how that website responds to the "Do Not Track" setting by doing one of the following:
- The website responds to the DNT setting of a user's web browser, or
- The website doesn't follow the DNT setting
It's important to note that companies are only required to notify users if they follow the response of a user's Do Not Track setting. Companies are not required to actually follow the response, only to notify if they follow the setting or not.
Even if your company isn't operating from within California, it still may have users from California. In fact, it very likely and almost certainly does.
Best practices by most online companies recommended that you don't respond to the DNT header until you're 100% sure that all third parties that your website is using, i.e. Google Analytics, will also respond in the same way.
Your simple website is following the Do Not Track setting, but you use Google Analytics. Google Analytics in return doesn't follow the DNT setting.
Examples of Do Not Track Clauses
Here's how Apple includes a Do Not Track disclosure within its Privacy Disclosure specifically for California customers:
LinkedIn includes its DNT information within a very short clause that also addresses direct marketing:
While the clause itself is short, which is fine, LinkedIn does link the clause to an additional page for its California Online Privacy Protection Act Notice where it goes into much further detail about what DNT is, in general, and more specific information about the company's handling of such things:
If you fall under the scope of CalOPPA, you will need to disclose whether or not you follow Do Not Track signals.
You aren't required to follow them or not. You simply need to disclose whether or not you do.