Does California’s Strict New Internet Data Privacy Law Apply to You?

pa-privacyAs many of our readers already know, California’s new data privacy law went into effect earlier this month on January 1, 2014.  The law places strict requirements on operators of websites and other online services that collect certain information about California residents.  In addition to addressing other aspects of collecting personally identifiable information (“PII”) from California residents, the new law focuses on the collection and use of “cookies.”  For those that are unaware, “cookies” are small files that are stored on users’ computers to track Internet activity and allow online marketers to deliver targeted advertising to them.

Who Must Comply With California’s Data Privacy Law?

The scope of California’s new Internet data privacy law is broad and is applicable to any entity that operates a commercial website or online service that collects California consumer PII.  The California Attorney General’s Office has made clear that service providers are specifically excluded from the requirements set forth in the data privacy law.

What Does California’s Data Privacy Law Require?

California’s data privacy law requires, among other things, that the Privacy Policies of covered entities:  (1) identify the categories of PII that are collected and the third-parties that the PII may be shared with; (2) provide a description of the process for users to review and change their preferences for the types and amount of PII collected; (3) describe the process by which users are notified of material changes to the Privacy Policy; (4) disclose how the operator responds to users’ “do not track” web browser signals PII; and (5) disclose whether third parties may collect user PII across different websites when consumers uses the operator’s website or service.

Concerns with the Internet Data Privacy Law

How do you know that a person visiting your website is a California State resident? Even if you track the person’s IP address, there is no way of really knowing where the person resides.  For example, a California resident could be vacationing in New York and visit your website from there.  Or, a California resident could work in a neighboring state and access your website from his or her office computer.  The only sure way to protect your company is to apply the new California requirements to your website across the board (for all consumers, regardless of location).

If you are interested in learning more about this topic, please e-mail us at, or call us at (212) 246-0900.

The material contained herein is provided for informational purposes only and is not legal advice, nor is it a substitute for obtaining legal advice from an attorney.  Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.

Attorney Advertising


David Klein

David Klein is one of the most recognized attorneys in the technology, Internet marketing, sweepstakes, and telecommunications fields. Skilled at counseling clients on a broad range of technology-related matters, David Klein has substantial experience in negotiating and drafting complex licensing, marketing and Internet agreements.

Trending Topics