Does California’s Strict New Internet Data Privacy Law Apply to You?

Home » Blog »


Share on facebook
Share on twitter
Share on linkedin

Get a Free Compliance Review

Our trusted legal counsel can help ensure your business stays compliant.
  • This field is for validation purposes and should be left unchanged.
Print Friendly, PDF & Email

pa-privacyAs many of our readers already know, California’s new data privacy law went into effect earlier this month on January 1, 2014.  The law places strict requirements on operators of websites and other online services that collect certain information about California residents.  In addition to addressing other aspects of collecting personally identifiable information (“PII”) from California residents, the new law focuses on the collection and use of “cookies.”  For those that are unaware, “cookies” are small files that are stored on users’ computers to track Internet activity and allow online marketers to deliver targeted advertising to them.

Who Must Comply With California’s Data Privacy Law?

The scope of California’s new Internet data privacy law is broad and is applicable to any entity that operates a commercial website or online service that collects California consumer PII.  The California Attorney General’s Office has made clear that service providers are specifically excluded from the requirements set forth in the data privacy law.

What Does California’s Data Privacy Law Require?

California’s data privacy law requires, among other things, that the Privacy Policies of covered entities:  (1) identify the categories of PII that are collected and the third-parties that the PII may be shared with; (2) provide a description of the process for users to review and change their preferences for the types and amount of PII collected; (3) describe the process by which users are notified of material changes to the Privacy Policy; (4) disclose how the operator responds to users’ “do not track” web browser signals PII; and (5) disclose whether third parties may collect user PII across different websites when consumers uses the operator’s website or service.

Concerns with the Internet Data Privacy Law

How do you know that a person visiting your website is a California State resident? Even if you track the person’s IP address, there is no way of really knowing where the person resides.  For example, a California resident could be vacationing in New York and visit your website from there.  Or, a California resident could work in a neighboring state and access your website from his or her office computer.  The only sure way to protect your company is to apply the new California requirements to your website across the board (for all consumers, regardless of location).

If you are interested in learning more about this topic, please e-mail us at, or call us at (212) 246-0900.

The material contained herein is provided for informational purposes only and is not legal advice, nor is it a substitute for obtaining legal advice from an attorney.  Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.

Attorney Advertising

Trending Topics

SMS Text Messages and the TCPA- Klein Moynihan Turco LLP

SMS Text Messaging and the TCPA

Print Friendly, PDF & Email

Short Message Service (SMS) text messaging has become a ubiquitous form of communication for people over the last decade.  Consequently, marketers and advertisers who are

Read More »