The Far Reach of Cal.OPPA. Cal.OPPA extends beyond California borders and requires a Minnesota business that operates a website that collects personally identifiable information from California consumers to post a conspicuous privacy policy on its website as well as mobile apps and mobile devices. Cal.OPPA essentially operates as a national law as it has potential impact on virtually every website or mobile app that collects personally identifiable information from consumers. The California Attorney General has been aggressive at enforcing Cal. OPPA, including going after businesses with corporate offices outside California. Delta Airlines was found non-compliant by not having a conspicuous privacy policy on its mobile app called “Fly Delta.” The California Attorney General has also reached an agreement with major app platforms requiring apps delivered through their platforms to have clear privacy policies. Do Not Track. Cal.OPPA now includes the first state law to address Do Not Track (DNT) signals sent from web browsers. The law does not require advertisers or website operators to honor those signals but does require operators of websites and online services, including mobile applications, to notify users about how they handle DNT signals. Data Breach Notification. A business that possesses data of California residents is required to disclose a breach of a user’s online account information. California Civil Code Section 1798.82 specifically requires that the business disclose the breach of “[a] user-name or email address in combination with a password or security question and answer that would permit access to an online account”. This law makes such disclosures of the breach mandatory and creates specific requirements for the notification. The Right to Be Forgotten - Eraser Law. Effective January 1, 2015, the so-called California Eraser Law (Cal. Bus. & Prof. Code §§ 22580-22582) requires website and mobile app operators to provide minors (California residents under 18) with: 1) the ability to remove or request removal of content that the minor has posted on the website or mobile app; 2) notice and clear instruction on how to remove the data; and 3) notice that such 116
Made with FlippingBook - Online Brochure Maker