Meaningful Privacy Policy Statements – the California Perspective

Last month, California’s Attorney General published her latest privacy-protection guidelines.  The title of the publication is “Making your Privacy Practices Public – Recommendations on Developing a Meaningful Privacy Policy“.

Executive Summary – Meaningful Privacy Policy Statements

Quoting from the beginning of the publication’s Executive Summary [emphasis added]:

Meaningful privacy policy statements safeguard consumers by helping them make informed decisions about which companies they will entrust with their personal information. They are also an opportunity for companies to build their brands and to develop goodwill and trust through transparency. Many privacy policies, however, are overly long and difficult to read without offering meaningful choices to consumers. Indeed, research shows that consumers do not understand, and many do not even read, the privacy policies on the web sites they visit.

The Attorney General’s Office, in furtherance of its mission to protect the inalienable right to privacy conferred by the California Constitution, offers these recommendations to support companies in their work to provide privacy policy statements that are meaningful to consumers. To be specific, the guidance set forth here is intended to encourage companies to craft privacy policy statements that address significant data collection and use practices, use plain language, and are presented in a readable format.

The Executive Summary includes the following Highlights of Recommendations:

Readability

• Use plain, straightforward language. Avoid technical or legal jargon.
• Use a format that makes the policy readable, such as a layered format.

 Online Tracking/Do Not Track

• Make it easy for a consumer to find the section in which you describe your policy regarding online tracking by labeling it, for example: “How We Respond to Do Not Track Signals,” “Online Tracking” or “California Do Not Track Disclosures.”
• Describe how you respond to a browser’s Do Not Track signal or to other such mechanisms. This is more transparent than linking to a “choice program.”
• State whether other parties are or may be collecting personally identifiable information of consumers while they are on your site or service.

 Data Use and Sharing

• Explain your uses of personally identifiable information beyond what is necessary for fulfilling a customer transaction or for the basic functionality of an online service.
• Whenever possible, provide a link to the privacy policies of third parties with whom you share personally identifiable information.

 Individual Choice and Access

• Describe the choices a consumer has regarding the collection, use and sharing of his or her personal information.

Accountability

• Tell your customers whom they can contact with questions or concerns about your privacy policies and practices.

In summary, the publication can help any business – whether located in California or elsewhere – develop a meaningful privacy policy.

Related posts:

• If You Want Personal Info from CA Residents, You Need a Privacy Policy
• Privacy on the Go – California Attorney General Publishes Recommendations

Dana H. Shultz, Attorney at Law  +1 510 547-0545  dana [at] danashultz [dot] com
This blog does not provide legal advice and does not create an attorney-client relationship. If you need legal advice, please contact a lawyer directly.