The California Attorney General has been aggressive at enforcing Cal. OPPA, including going after businesses with corporate offices outside California. Delta Airlines was found non-compliant by not having a conspicuous privacy policy on its mobile app called “Fly Delta.” The California Attorney General has also reached an agreement with major app platforms requiring apps delivered through their platforms to have clear privacy policies. Do Not Track. Cal.OPPA now includes the first state law to address Do Not Track (DNT) signals sent from web browsers. The law does not require advertisers or website operators to honor those signals but does require operators of websites and online services, including mobile applications, to notify users about how they handle DNT signals. Data Breach Notification. A business that possesses data of California residents is required to disclose a breach of a user’s online account information. California Civil Code Section 1798.82 specifically requires that the business disclose the breach of “[a] user name or email address in combination with a password or security question and answer that would permit access to an online account”. This law makes such disclosures of the breach mandatory and creates specific requirements for the notification. The Right to Be Forgotten - Eraser Law. Effective January 1, 2015, the so-called California Eraser Law (Cal. Bus. & Prof. Code §§ 22580-22582) requires website and mobile app operators to provide minors (California residents under 18) with: 1) the ability to remove or request removal of content that the minor has posted on the website or mobile app; 2) notice and clear instruction on how to remove the data; and 3) notice that such removal may not remove all evidence of the posting. The law includes certain exceptions and offers methods for businesses to comply with the removal requirements. The law also imposes restrictions on targeted advertising to minors and prohibits operators of websites or mobile apps from: 1) marketing or advertising certain products to minors based upon information unique to that minor, e.g., activities, interests, profile, address; and 2) using, disclosing, or compiling personal information of
111
Made with FlippingBook - Online Brochure Maker